
Re: [Libevent-users] the best practice of disabling openssl client renegotiation in libevent2?



On Thu, Aug 17, 2017 at 10:03 AM, Zhuang Yuyao <mlistz@xxxxxxxxx> wrote:
> Hi,
>
> Disabling SSL client renegotiation in libevent2 seems quite troublesome and
> inconvenient; the only examples I can find are the following patches:
>
> https://github.com/tatsuhiro-t/spdylay/commit/1509c901b6d24affcfc0ec15243085bfc77c1d7b
> https://github.com/tatsuhiro-t/spdylay/commit/0d2311153fb2b9059a7c8e36de9ab1031580d6f2
>
> Using a filter/underlying bufferevent causes a lot of modifications in the
> source code, such as special calculation of evbuffer length and extra code to
> handle raw input, which destroyed the elegance of the code.
>
> So I'm wondering what the best practice is for disabling OpenSSL client
> renegotiation in libevent2? Presume the source code of libevent2 can be
> modified and binary compatibility is not an issue.

Hi,

Well, there is no "best practice", since you are the first who asked this.

You can add SSL_CTX_set_info_callback() in bufferevent_openssl.c and
just init EOF (like on conn_closed()) once you receive
SSL_CB_HANDSHAKE_START
(though I don't see how tls_raw_readcb() helps in the second patch).