
Re: SSL and TLS questions



On Mon, 2002-07-29 at 04:55, Bodo Moeller wrote:
> On Sun, Jul 28, 2002 at 07:32:57PM -0400, Nick Mathewson wrote:
> 
> > 1) Could somebody point me at some OpenSSL example code for
> > client-initiated key renegotiation on an *asynchronous* (nonblocking)
> > socket? [...]
> 
> http://www.rtfm.com/openssl-examples/ (article part 2)

I've seen this, but it only seems to describe how to initiate a new
handshake from the server.  Suppose I want to initiate a new handshake
from the client instead -- can it be done?  Is it similar?  Will the
SSL_set_session_id_context/SSL_renegotiate/SSL_do_handshake/
SSL->state=SSL_ST_ACCEPT trick/SSL_do_handshake sequence still work?

If the answer is yes, cool. :)

Also, the code in question seems to assume that renegotiate and
do_handshake never need to be retried.  Does that mean that they never
do any network communication, or that the example uses a blocking
connection?  If the latter (most likely), are there any issues with
using them with a nonblocking connection, or do they return
WANT_READ/WANT_WRITE as normal?

> > 2) OpenSSL's license is problematic: you can't link it with GPL'd code. 
> 
> OpenSSL is just a library, and for some systems it has become part of
> the standard OS distribution, so you don't have to worry about this
> that much.  Note that the GPL makes an exception for "anything that is
> normally distributed (in either source or binary form) with the major
> components (compiler, kernel, and so on) of the operating system on
> which the executable runs"; thus you can link OpenSSL with GPLed code
> even though the licenses may be incompatible.

Hm.  I'll let Roger or somebody more license-knowledgeable than I am
speak to this one.

Yrs,
-- 
Nick