Hi all,
I have an application in which a "master" process creates a socket,
connects to a server app, and forks off a few children sharing the open
file descriptor for that connection with its children. All of the
children use the shared descriptor to send messages, synchronized
through shared memory + semaphores. I've left out a lot of details and
reasons for this approach, but you hopefully get the idea and it
suffices to say it works fine.
Now I wonder what would be the easiest way to SSL-enable that scenario.
I do have SSL working fine in a single-process scenario but wonder how
well the concept of a file descriptor shared between processes
translates to BIOs.
I'm assuming that open SSL BIOs cannot be shared across forks because
the SSL contexts in individual processes will get out of sync when
output is written from multiple processes, correct?
At least this appears to match my observations, which are that SSL_read
on the server end dies with a return value of -1 and SSL_get_error
reports SSL_ERROR_SSL.
So what is the easiest way to solve this -- is there an easy way to put
a single SSL connection's state into shared memory, or should I abandon
this approach and insist on all SSL communication on a single connection
being performed within the same process?
Feedback will be much appreciated.
Cheers,
Christian.
--
________________________________________________________________________
http://www.cl.cam.ac.uk/~cpk25
http://www.whoop.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
