Age | Commit message | Author |
|
Signed-off-by: Laurent Bercot <ska@appnovation.com>
|
|
Also, and more importantly, significantly rewrite stls_run()
for better full-duplex support. This implementation isn't fully
tested yet.
Signed-off-by: Laurent Bercot <ska@appnovation.com>
|
|
Signed-off-by: Laurent Bercot <ska@appnovation.com>
|
|
Signed-off-by: Laurent Bercot <ska@appnovation.com>
|
|
Signed-off-by: Laurent Bercot <ska@appnovation.com>
|
|
Signed-off-by: Laurent Bercot <ska@appnovation.com>
|
|
Implementation for bearssl coming soon.
|
|
Also send a bit more environment with libtls
|
- the TLS tunnel itself should be transparent so it has no business
shutting down the connection no matter how long the app takes
- there's still an undetectable situation on some kernels where
EOF doesn't get transmitted from the network, and the engine is in
the handshake, and it can't do anything but wait forever. A timeout
is useful here: dawg, your peer is never going to send any more data,
you should just give up.
- if the situation happens after the handshake, the *app* should
have a timeout and die. The tunnel will follow suit.
- libtls has a blocking tls_handshake() blackbox, we cannot give it
a timeout. Too bad, use bearssl.
|