Age | Commit message (Collapse) | Author |
|
Also, and more importantly, significantly rewrite stls_run()
for better full-duplex support. This implementation isn't fully
tested yet.
Signed-off-by: Laurent Bercot <ska@appnovation.com>
|
|
Signed-off-by: Laurent Bercot <ska@appnovation.com>
|
|
Implementation for bearssl coming soon.
|
|
|
|
|
|
|
|
|
|
- the TLS tunnel itself should be transparent so it has no business
shutting down the connection no matter how long the app takes
- there's still an undetectable situation on some kernels where
EOF doesn't get transmitted from the network, and the engine is in
the handshake, and it can't do anything but wait forever. A timeout
is useful here: dawg, your peer is never going to send any more data,
you should just give up.
- if the situation happens after the handshake, the *app* should
have a timeout and die. The tunnel will follow suit.
- libtls has a blocking tls_handshake() blackbox, we cannot give it
a timeout. Too bad, use bearssl.
|
|
|
|
|
|
Signed-off-by: Colin Booth <colin@heliocat.net>
|
|
|
|
|
|
XXX marks what must change when skalibs changes.
Also started writing functions for client certificate support
in sbearssl, but it's not working yet (need more high-level
support from BearSSL before it can work)
|
|
|
|
|
|
|