From: Sam <sah@softcardsystems.com>
To: <9fans@cse.psu.edu>
Cc: <dong@plan9.bell-labs.com>
Subject: Re: [9fans] TLSServer?
Date: Sat, 15 Nov 2003 11:01:30 -0500 [thread overview]
Message-ID: <Pine.LNX.4.30.0311151046370.15362-100000@athena> (raw)
In-Reply-To: <E1AJEAX-000OY3-9h@t40.swtch.com>
> If you want the Plan 9 interface (just pushtls and use the resulting fd
> in normal I/O), the right thing to do seems to be to create a pipe and
> then run openssl in a child encrypting between the pipe and your old fd.
> Then you can use the pipe as your normal encrypted fd. There was a
> library that did this (either with or without SSL) (by someone in
> Australia, perhaps?) but I cannot find it online anymore. Presumably
> it's not _too_ hard to write the appropriate program using OpenSSL
> (maybe it's even an example). The pipe+exec code is trivial.
Sorry for the late response - I just got back to looking at this today.
There's only one problem with the pleasantly trivial solution above. The
unices still have unidirectional pipes, so I can't read and write the
returned fd.
I'm looking at implementing serveopenssl(int, ...) that takes an already
set up socket fd ready for accept and the tls cert necessities. I plan
to return a socket descriptor for a unix domain server, and as I get
completed tls connections I'll make a client connect to the udom server
and marshal data back and forth.
Sure seems like a lot of work just to get the security insulated from
the application code. Suggestions welcomed.
Sam
next prev parent reply other threads:[~2003-11-15 16:01 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-11-10 14:25 Sam
2003-11-10 15:35 ` David Presotto
2003-11-10 15:41 ` Russ Cox
2003-11-15 16:01 ` Sam [this message]
2003-11-15 17:24 ` Russ Cox
2003-11-15 16:31 ` Sam
2003-11-16 4:14 ` boyd, rounin
2003-11-16 4:46 ` William Josephson
2003-11-16 7:12 ` boyd, rounin
2003-11-10 17:21 ` William Ahern
2003-11-10 20:10 ` Andrew Simmons
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Pine.LNX.4.30.0311151046370.15362-100000@athena \
--to=sah@softcardsystems.com \
--cc=9fans@cse.psu.edu \
--cc=dong@plan9.bell-labs.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).