Re: SSL and TLS questions
On Mon, 2002-07-29 at 04:55, Bodo Moeller wrote:
> On Sun, Jul 28, 2002 at 07:32:57PM -0400, Nick Mathewson wrote:
>
> > 1) Could somebody point me at some OpenSSL example code for
> > client-initiated key renegotiation on an *asynchronous* (nonblocking)
> > socket? [...]
>
> http://www.rtfm.com/openssl-examples/ (article part 2)

I've seen this, but it only seems to describe how to initiate a new
handshake from the server. Suppose I want to initiate a new handshake
from the client instead -- can it be done? Is it similar? Will the
SSL_set_session_id_context/SSL_renegotiate/SSL_do_handshake/
SSL->state=SSL_ST_ACCEPT trick/SSL_do_handshake sequence still work?
If the answer is yes, cool. :)

Also, the code in question seems to assume that renegotiate and
do_handshake never need to be retried. Does that mean that they never
do any network communication, or that the example uses a blocking
connection? If the latter (most likely), are there any issues with
using them with a nonblocking connection, or do they return
WANT_READ/WANT_WRITE as normal?

> > 2) OpenSSL's license is problematic: you can't link it with GPL'd code.
>
> OpenSSL is just a library, and for some systems it has become part of
> the standard OS distribution, so you don't have to worry about this
> that much. Note that the GPL makes an exception for "anything that is
> normally distributed (in either source or binary form) with the major
> components (compiler, kernel, and so on) of the operating system on
> which the executable runs"; thus you can link OpenSSL with GPLed code
> even though the licenses may be incompatible.

Hm. I'll let Roger or somebody more license-knowledgeable than I am
speak to this one.

Yrs,
--
Nick