Closed dtoubelis closed 9 years ago
dtoubelis
commented
9 years ago Also, it seems that you do OpenSSL library initialization during ad_server_start() call. This initialization is usually done in the beginning of main() method, so for embeddable server this isn't the right place to do it. Another reason to segregate SSL_CTX creation.
wolkykim
commented
9 years ago Hi, Dmitri,
Sounds good to me. If you'd like to work the improvements, I'd love to see your patch. For now, I'm having very busy time so please allow me to get back to all your posting on this weekend.
dtoubelis
commented
9 years ago If you generally agree with the approach then I can definitely do that.
I'm trying to use it as an HTTPS frontend for ZeroMQ based application and it looks promising so far.
wolkykim
commented
9 years ago Oh yeah, I've read your 2 postings above and agree with you. The rest of postings you posted separately I didn't have a chance to look at yet but will take a look shortly and leave my comments there in this week. Thanks.
wolkykim
commented
9 years ago Thank you for the improvement.
Hi,
I'm trying to write SSL server using your library and I intend to heavily customize SSL context. The issue I'm having is that
SSL_CTXis only available when server is started. This poses two issues for me:SSL_CTXafter it had been used to create SSL sessions, which is always a possibility with the current API.Here are some suggestions you may consider:
SSL_CTXof their liking.SSL_CTXtoad_server_start()or as an option ofad_server(orNULLif no SSL support is needed).server.enable_ssl,server.ssl_cert,server.ssl_pkeyserver optionsSSL_CTXas a starting point for simple applications, something along these linesSSL_CTX *ad_create_ssl_context (const char *cert_path, const char *priv_key_path).