Skip to content

Delayed SSL Support #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

Delayed SSL Support #1

wants to merge 7 commits into from

Conversation

scottgifford
Copy link

These patches contain:

  • Delayed SSL support in sslserver and sslclient (-y option)
  • Support for a privilege separated SSL process in sslserver with optional chroot and setting uid and gid
  • Small fixes to SSL error handling
  • Add option to just close the connection after requesting SSL shutdown (-j, the default) instead of waiting for the other side to acknowledge our shutdown (-J, the old behavior). This fixes hangs with some servers.

Scott Gifford added 7 commits September 3, 2011 22:37
Original patch ucspi-tls patch from 2005
cc22b47
Original ucspi-tls patches from 2005
2025f8c 
  * Privilege separation in sslserver
  * Support for chroot(2) in sslserver
  * Support for changing UID and GID in sslserver
  * Support for delayed TLS in sslserver using the ucspi-tls protocol.  See http://www.suspectclass.com/sgifford/ucspi-tls/
TLS support for client, ucspi-tls code refactoring and cleanup
69a15e1 
  * Add delayed TLS support with ucspi-tls to sslclient (sponsored by Meixler Technologies, Inc.)
  * Refactor and improve ucspi-tls code
  * Add sample client code in ucspitls.[ch]
  * Add ucspi-ssl test program
TLS support for client, ucspi-tls code refactoring and cleanup
eb45b28 
      * Add delayed TLS support with ucspi-tls to sslclient (sponsored by Meixle
      * Refactor and improve ucspi-tls code
      * Add sample client code in ucspitls.[ch]
      * Add ucspi-ssl test program
* Synchronous wait for child process in case we are not activated
9cf8a38
* Don't retry after SSL_ERROR_SSL
2d3180c
* Modify ssl_io to take an extensible ssl_io_opt structure instead o…
af2aa8d 
…f just the timeout.

  * Implement new -j/-J switch to activate "just_shutdown" option in ssl_io.  This option causes the SSL connection to be shutdown before the SSL protocol has been fully shutdown.  This is allowed by the specs, and seems to improve compatibility, and so is the default.
  * Document added options in documentation.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@scottgifford