ipuustin
commented
4 years ago @rojkov Do you know if this has any implications to the current BoringSSL implementation? I mean, should this work be reproduced also there?
Closed rojkov closed 4 years ago
ipuustin
commented
4 years ago @rojkov Do you know if this has any implications to the current BoringSSL implementation? I mean, should this work be reproduced also there?
rojkov
commented
4 years ago @ipuustin That may well be the case for BoringSSL as well unless its private key method providers somehow disconnect an Envoy connection from its socket's fd until SslSocket::onPrivateKeyMethodComplete() is about to be called (so that SslSocket::onRead() and SslSocket::onWrite() are not called while boringssl reads and writes to the socket while handshaking).
Extend sockets' state machine to accommodate the case when the underlying OpenSSL engine doesn't expect
SSL_do_handshake()call until the asynchronous callback registered by a connection is called by the engine.