Closed Bug 456153 Opened 17 years ago Closed 2 years ago

New functions that provide direct access to the SSL protocol state machine

Categories

(NSS :: Libraries, enhancement, P5)

3.12
enhancement

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: wtc, Unassigned)

Details

Many applications have their own I/O event loop. NSPR supports the blocking and non-blocking I/O models, but not the asynchronous I/O model. So it is difficult to retrofit NSS's SSL sockets into applications that use an asynchronous I/O model.

One solution to this problem is to add new functions that provide direct access to the SSL protocol state machine in libSSL, so that these applications can continue to use their async I/O model and I/O event loop for sending and receiving the SSL messages. The system SSL library on Windows, the Schannel, is such an API.

I don't know if OpenSSL has functions that provide direct access to its SSL protocol state machine. But there is a technique, known to OpenSSL developers, that emulates a state machine API by pushing a memory buffer "BIO" layer underneath OpenSSL. Dan Kegel told me yesterday that he did that before, and my web search found demos of this technique at:

http://marc.info/?l=openssl-cvs&m=96765922414155&w=2
https://svn.apache.org/repos/asf/httpd/httpd/tags/2.0.18/modules/tls/openssl_state_machine.c
http://iep.water.ca.gov/d/bin/sbin/site/ssl/doc/openssl/demos/tunala/

This technique should also work for NSS. Perhaps before we add the new functions, we should first develop a demo program of this trick for NSS, which should relieve the pressure for these new functions.
Severity: normal → S3
Severity: S3 → S4
Status: NEW → RESOLVED
Closed: 2 years ago
Priority: -- → P5
Resolution: --- → WONTFIX
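
The memory-BIO technique described in the report, as an added example that is not from the bug report, NSS, or the linked demos: Python's ssl module exposes OpenSSL memory BIOs as ssl.MemoryBIO, so the TLS engine can be driven with no socket while the application owns all I/O. The hostname and the alert record bytes are constructed for the example.

```python
import ssl

def parse_records(data):
    """Split raw TLS bytes into (content_type, payload_length) tuples."""
    records, offset = [], 0
    while offset + 5 <= len(data):
        length = int.from_bytes(data[offset + 3:offset + 5], "big")
        records.append((data[offset], length))
        offset += 5 + length
    return records, offset == len(data)  # second value: no trailing partial record

def new_client_engine(hostname="example.test"):  # placeholder hostname (assumption)
    incoming = ssl.MemoryBIO()  # bytes the application received from the peer
    outgoing = ssl.MemoryBIO()  # bytes the engine wants the application to send
    ctx = ssl.create_default_context()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    return tls, incoming, outgoing

def step(tls, outgoing):
    """Advance the handshake one step; return (state, bytes_to_send)."""
    try:
        tls.do_handshake()
        state = "done"
    except ssl.SSLWantReadError:   # engine needs more peer bytes in `incoming`
        state = "want_read"
    except ssl.SSLError:           # protocol failure, e.g. a fatal alert from the peer
        state = "failed"
    return state, outgoing.read()  # drain whatever the engine queued for sending

def demo():
    tls, incoming, outgoing = new_client_engine()
    # First step: no peer data yet, so the engine emits a ClientHello and waits.
    state1, hello = step(tls, outgoing)
    # Constructed peer reply: alert record (type 21), version 3.3, length 2,
    # level 2 (fatal), description 40 (handshake_failure).
    alert = bytes([0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x28])
    # Deliver it in two chunks, as an async event loop might receive it.
    incoming.write(alert[:3])
    state2, _ = step(tls, outgoing)   # header incomplete: still waiting
    incoming.write(alert[3:])
    state3, _ = step(tls, outgoing)   # full alert parsed: handshake fails
    return state1, parse_records(hello), state2, state3

if __name__ == "__main__":
    print(demo())
```

In an event loop, the bytes returned by step() are what the application writes to its own transport, and whatever the transport delivers is written to the incoming BIO before calling step() again.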