chicken-hackers

Re: [Chicken-hackers] tcp-shutdown


From: Thomas Chust
Subject: Re: [Chicken-hackers] tcp-shutdown
Date: Thu, 26 Jul 2012 14:40:35 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120721 Firefox/14.0.1 SeaMonkey/2.11

Seth Alves wrote:
> [...]
> I have some code that uses the openssl egg.  I'm not able to find a way
> (as a client) to send eof to the server.
> [...]

Hello Seth,

you can shutdown the entire SSL connection by closing both the input and
output ports connected to the peer. However there is no way to shutdown
only the sending or receiving end of a connection like it is possible
with BSD sockets.

If you close only one of the ports of an SSL connection, the access to
that channel from Scheme becomes impossible but nothing really changes
on the lower abstraction layers.

This is not simply due to my laziness when creating the OpenSSL egg but
because I don't know of any safe way to partially shutdown an SSL
connection. To my knowledge the OpenSSL API and the SSL protocol itself
only support shutting down the entire SSL session and not signalling end
of stream on either the input or output channel.

> [...]
> I can do something like
> 
>   (tcp-shutdown (ssl-port->tcp-port (cadr ssl-sock)) 1)
> [...]

This is definitely not safe and may lead to data loss. The problem is
that any sort of SSL communication, be it receiving or sending data, may
trigger features like key renegotiation that would not be possible if
one direction of the underlying network transport was disabled. Hence,
if you just disable the underlying TCP output channel, your SSL peer
will probably see an end of stream on its input channel, but she might
not be able to send any more data back to you either!

I would suggest implementing the necessary end of stream signalling in a
higher level protocol on top of SSL.

Ciao,
Thomas


-- 
When C++ is your hammer, every problem looks like your thumb.
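The higher-level end-of-stream signalling Thomas recommends, as an added example that is not part of this thread or of the openssl egg: a constructed framing layer (written in Python rather than Scheme so it runs stand-alone, independent of any TLS library) in which an explicit EOS frame, not a TCP half-close, tells the peer the sender is done, and a connection that ends without that marker is reported as possible data loss instead of being mistaken for a clean end of stream.

```python
import struct
# Constructed frame layout: 1-byte type, 4-byte big-endian length, payload.
# Type 1 carries application data; type 2 is the explicit end-of-stream marker.
TYPE_DATA, TYPE_EOS = 1, 2
HEADER = struct.Struct("!BI")
def encode_data(payload: bytes) -> bytes:
    """Wrap one application chunk in a data frame."""
    return HEADER.pack(TYPE_DATA, len(payload)) + payload
def encode_eos() -> bytes:
    """Replaces the TCP half-close: tells the peer no more data will follow."""
    return HEADER.pack(TYPE_EOS, 0)

class FrameReader:
    """Incremental decoder; feed it whatever sizes the SSL read returns."""
    def __init__(self):
        self.buf, self.eos = bytearray(), False
    def feed(self, chunk: bytes) -> list:
        """Return the payloads completed by this chunk."""
        if self.eos:
            raise ValueError("data received after end-of-stream marker")
        self.buf += chunk
        out = []
        while len(self.buf) >= HEADER.size:
            ftype, length = HEADER.unpack_from(self.buf)
            if len(self.buf) < HEADER.size + length:
                break  # wait for the rest of this frame
            payload = bytes(self.buf[HEADER.size:HEADER.size + length])
            del self.buf[:HEADER.size + length]
            if ftype == TYPE_EOS:
                self.eos = True
                if self.buf:  # bytes after the marker are a protocol violation
                    raise ValueError("data received after end-of-stream marker")
            elif ftype == TYPE_DATA:
                out.append(payload)
            else:
                raise ValueError(f"unknown frame type {ftype}")
        return out
    def transport_closed(self) -> bool:
        """Call when the SSL/TCP connection itself ends; EOS must have come first."""
        if not self.eos or self.buf:
            raise ConnectionError("closed without EOS marker: possible data loss")
        return True

def demo(chunk_size: int = 3):
    """Two records plus the marker, delivered in arbitrary chunk sizes."""
    wire = encode_data(b"hello") + encode_data(b"world") + encode_eos()
    reader, received = FrameReader(), []
    for i in range(0, len(wire), chunk_size):
        received += reader.feed(wire[i:i + chunk_size])
    return received, reader.transport_closed()
```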
