From mboxrd@z Thu Jan 1 00:00:00 1970
To: 9fans@cse.psu.edu
Cc: dong@plan9.bell-labs.com
Subject: Re: [9fans] TLSServer?
In-Reply-To: Your message of "Mon, 10 Nov 2003 09:25:18 EST."
From: "Russ Cox"
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <94365.1068478887.1@t40.swtch.com>
Message-Id:
Date: Mon, 10 Nov 2003 10:41:27 -0500
Topicbox-Message-UUID: 84fa1a14-eacc-11e9-9e20-41e7f4b1d025

> I need to write a Unix application that uses TLS/SSL. I
> looked at using OpenSSL, but lordy mama -- what an interface.
> Since I only need to do the server side of the communication,
> I thought perhaps the Plan 9 tls stuff could be used.
>
> Comments? How much work would it be to get the current
> code working in a Unix environ?

Step 1. Write a kernel driver to do the TLS record-layer
marshalling. Not so easy.

If you want the Plan 9 interface (just pushtls and use the
resulting fd in normal I/O), the right thing to do seems to be
to create a pipe and then run openssl in a child encrypting
between the pipe and your old fd. Then you can use the pipe
as your normal encrypted fd.

There was a library that did this (either with or without SSL)
(by someone in Australia, perhaps?) but I cannot find it online
anymore.

Presumably it's not _too_ hard to write the appropriate program
using OpenSSL (maybe it's even an example). The pipe+exec code
is trivial. I think Dong Lin has code that does this somewhere.

Russ
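
The pipe+exec arrangement described in the message above, as an added example that is not part of the original post and is not Russ Cox's or Dong Lin's code. Assumptions: the name pushrelay, a relay program that speaks TLS on fd 0 and cleartext on fd 1, and a socketpair in place of the pipe because Unix pipes carry data in one direction only.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * pushrelay: hypothetical Unix stand-in for pushtls (name and interface are
 * assumptions). Runs relay_argv with netfd as fd 0 and one end of a socketpair
 * as fd 1; the relay is assumed to speak TLS on fd 0 and cleartext on fd 1,
 * both directions. Returns the cleartext fd or -1; *pidp gets the child pid.
 */
int pushrelay(int netfd, char *const relay_argv[], pid_t *pidp)
{
    int sp[2];
    pid_t pid;
    /* Unix pipes are one-way, so use a socketpair for the two-way "pipe". */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0)
        return -1;
    if ((pid = fork()) < 0) {
        close(sp[0]);
        close(sp[1]);
        return -1;
    }
    if (pid == 0) {
        close(sp[0]);   /* child keeps only the two ends it relays between */
        if (dup2(netfd, 0) < 0 || dup2(sp[1], 1) < 0)
            _exit(126);
        if (netfd > 1) close(netfd);
        if (sp[1] > 1) close(sp[1]);
        execvp(relay_argv[0], relay_argv);
        _exit(127);     /* exec failed; parent sees EOF on the returned fd */
    }
    close(sp[1]);
    close(netfd);       /* parent must never touch the ciphertext side again */
    *pidp = pid;
    return sp[0];
}

int main(void)
{
    /* Constructed demo: "cat" stands in for the relay (one direction, no TLS). */
    int net[2]; pid_t pid; char buf[6] = {0}; char *const relay[] = {"cat", NULL};
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, net) < 0) return 1;
    int fd = pushrelay(net[0], relay, &pid);
    if (fd < 0 || write(net[1], "hello", 5) != 5 || read(fd, buf, 5) != 5) return 1;
    shutdown(net[1], SHUT_WR);  /* EOF to the relay so it exits */
    waitpid(pid, NULL, 0);
    return write(1, buf, 5) == 5 ? 0 : 1;
}
```

With this split the certificate's private key only has to be readable by the relay process, and any other descriptors the caller holds should be marked close-on-exec so the relay does not inherit them.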