ssl for conserver client/server communications

bryan bryan@conserver.com
Wed, 25 Sep 2002 20:30:00 -0700 (PDT)

well folks, i've been reading the new o'reilly openssl book and trying to get
my head around what it would take to incorporate openssl into the client/server
code.  looks relatively easy on the surface, but then i started to look at the
details.  because the code is using non-blocking sockets and ssl connections
can be renegotiated (i'm not 100% sure if the app *has* to initiate it or if
it really can happen after a certain amount of data transfer, so that keys
change) many things need to change inside the main select() loop.

why am i saying this?  well, two reasons.  first, i wanted folks to know that
i'm actively working on encrypting the data between the client and server.  i
have a need to learn something new - openssl is it (and by no means am i going
to call myself an expert once this is over, just more knowledgeable than before).
second, i'm looking for pointers or help regarding openssl from any experts
that might be out there.  maybe it could be a code review or maybe just a list
of dos and don'ts.  basically, if you're familiar with the openssl api and have
time, i'd love to know you exist (like the whole renegotiation thing - since
we're in control of the client and server, can i just ignore it since i'm not
asking for one and not have to rewrite major chunks of code?).

with that, i'll leave you all.  i'm going to go dig more into that whole
renegotiation thing, maybe the answer is in a man page.  either way i'll
probably just ignore it for now and cause the code to die a horrible death
if it's happening.  at least i'll be making progress and i can redo the
ugly stuff later.  again, i'd love to hear from anyone with more knowledge
than the o'reilly book.  ;-)