[tpop3d-discuss] SSL support

Chris Lightfoot chris at ex-parrot.com
Sun, 16 Jun 2002 11:54:46 +0100


On Sun, Jun 16, 2002 at 12:13:48PM +0200, Angel Marin wrote:
> I have started the development of the SSL support for tpop3d. I have a
> working snapshot, but it's only a starting point of what should be. So if
> anybody wants to test it and send problems/bugs/suggestions I will do my
> best to improve it.

Thanks for your contribution, but there's a serious
problem with this patch which also applies to Ben
Schumacher's earlier patch, which is that a call to
SSL_write may block on a read from the client, if it has
requested renegotiation. This means, in effect, that you
can't safely mix blocking calls to SSL_read and SSL_write
with the use of select(2). This is fine during the
transaction phase, but no good during the authentication
phase.

See
  http://lists.beasts.org/pipermail/tpop3d-discuss/2002-January/000380.html

The intention for enabling TLS support in tpop3d is to
have it fork a helper process to do the TLS stuff (one
could also use a thread, but let's not go there...). This
is plenty ugly but probably preferable to implementing the
horrid TLS state machine inside tpop3d. The actual proxy
code for tpop3d would be something like proxy.c from
tlsproxyd.

-- 
``What would you call the creation of the universe?''
``The Horrendous Space Kablooie!''
  (Calvin and Hobbes)
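As an added illustration of the forked-helper design described in the message above (this is example code written for this page, not tpop3d's code and not proxy.c from tlsproxyd), here is a minimal select(2)-based relay helper in C. The parent hands the client socket to a forked child and keeps only one end of a socketpair, so the parent's own select loop never touches a TLS descriptor; whatever blocking the helper does inside the TLS library stalls only the helper. The TLS calls themselves are left out: in a real helper the client-facing read()/write() in pump() would become SSL_read()/SSL_write(). The function names, the socketpair standing in for the client connection, and the POP3 lines in demo_roundtrip() are all constructed for this example.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Copy one read()'s worth of data from 'from' to 'to'.
 * Returns bytes moved, 0 on EOF, -1 on error. In a TLS helper the
 * client-facing side would use SSL_read/SSL_write here instead. */
static ssize_t pump(int from, int to)
{
    char buf[4096];
    ssize_t n = read(from, buf, sizeof buf);
    if (n <= 0)
        return n;
    for (ssize_t off = 0; off < n; ) {
        ssize_t w = write(to, buf + off, (size_t)(n - off));
        if (w < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        off += w;
    }
    return n;
}

/* Relay bytes in both directions between fds a and b with select(2)
 * until either side reaches EOF or fails. Returns total bytes relayed,
 * or -1 if select() itself fails. */
long relay(int a, int b)
{
    long total = 0;
    int a_open = 1, b_open = 1;
    int nfds = (a > b ? a : b) + 1;

    while (a_open && b_open) {
        fd_set rfds;
        FD_ZERO(&rfds);
        FD_SET(a, &rfds);
        FD_SET(b, &rfds);
        if (select(nfds, &rfds, NULL, NULL, NULL) < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        if (FD_ISSET(a, &rfds)) {
            ssize_t n = pump(a, b);
            if (n <= 0) a_open = 0; else total += n;
        }
        /* Only write towards a if a is still open (avoids EPIPE). */
        if (a_open && FD_ISSET(b, &rfds)) {
            ssize_t n = pump(b, a);
            if (n <= 0) b_open = 0; else total += n;
        }
    }
    return total;
}

/* Fork a helper that relays between client_fd and one end of a fresh
 * socketpair. Returns the parent's plain-text end, to be used in place
 * of client_fd, or -1. The parent gives client_fd up entirely; only the
 * helper ever talks to the client. */
int spawn_relay_helper(int client_fd, pid_t *pid_out)
{
    int sp[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sp[0]); close(sp[1]); return -1; }
    if (pid == 0) {
        close(sp[0]);
        signal(SIGPIPE, SIG_IGN);      /* a vanished peer must not kill us */
        _exit(relay(client_fd, sp[1]) < 0 ? 1 : 0);
    }
    close(sp[1]);
    close(client_fd);
    if (pid_out) *pid_out = pid;
    return sp[0];
}

/* Round trip through the helper: a socketpair stands in for the client
 * connection (constructed test input, not real POP3 traffic). 0 = ok. */
int demo_roundtrip(void)
{
    int cs[2], status;
    pid_t pid;
    char buf[64];
    const char *req = "USER alice\r\n", *resp = "+OK\r\n";
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, cs) < 0) return -1;
    int plain = spawn_relay_helper(cs[1], &pid);
    if (plain < 0) return -1;
    if (write(cs[0], req, strlen(req)) != (ssize_t)strlen(req)) return -1;
    ssize_t n = read(plain, buf, sizeof buf);
    if (n != (ssize_t)strlen(req) || memcmp(buf, req, (size_t)n) != 0) return -1;
    if (write(plain, resp, strlen(resp)) != (ssize_t)strlen(resp)) return -1;
    n = read(cs[0], buf, sizeof buf);
    if (n != (ssize_t)strlen(resp) || memcmp(buf, resp, (size_t)n) != 0) return -1;
    close(cs[0]);
    close(plain);
    if (waitpid(pid, &status, 0) != pid) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    int rc = demo_roundtrip();
    printf("relay round trip: %s\n", rc == 0 ? "ok" : "FAILED");
    return rc == 0 ? 0 : 1;
}
```

The relay stops as soon as either side reports EOF; a production helper would also want half-close handling with shutdown(2) and a way for tpop3d to learn the helper's exit status, neither of which is shown here.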