Serialize/Deserialize SSL state

Jakob Bohm jb-openssl at wisemo.com
Sat Aug 10 09:03:25 UTC 2019


On 09/08/2019 23:21, Felipe Gasper wrote:
>> On Aug 9, 2019, at 3:42 PM, Osama Mazahir via openssl-users <openssl-users at openssl.org> wrote:
>>
>> Is there a way to serialize and deserialize the ssl_st state (i.e. including any child objects)?
>>   
>> Background: I would like to hand off all the SSL state (along with my own managed state, file descriptors, etc) to another running Linux process (I will handle the IPC handoff).  The connection already had its handshake completed, app data flow had already occurred (i.e. it is not a new or early’ish context).  So, trying to see if it is possible to serialize the openssl state, shove it through a unix domain socket to the target process and then have the target process unpack the openssl state and resume IO.
> For what it’s worth, I have also wished for something like this, where I could pass a file descriptor as well as the OpenSSL state over a socket to a separate process.
>
A possible workaround is to run the SSL code in a dedicated process
and hand around a pipe or unix domain socket carrying the plaintext.

If this is server side, the SSL process could be run under a
dedicated UID which has exclusive access to load the private key etc.,
but no access to the stored application data.

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded


