Can a linux service work as both TLS client and server?

Kristen Webb kwebb at teradactyl.com
Fri Nov 15 22:49:04 UTC 2019


Hi Phil,
Thanks for such a fast response!  I am doing the polling today.

I believe I left something very important out of my original question.
I only have 1 well known port to accept all of my connections.

TLS_client_app -> service on portA (needs to be a TLS_server)
TLS_server_app -> service on portA (needs to be a TLS_client)

The problem is that when the service accept()'s the connection it does
not know what type of app made the connection so it cannot decide
if it should act as the TLS client or server (unless I send a 1/0 hint
over TCP first).

Kris




On Fri, Nov 15, 2019 at 3:28 PM Phil Neumiller <pneumiller at directstream.com>
wrote:

> Sure, you just need additional threads.  Note: accept is a blocking call so
> the thread that runs in (i.e. your server side will block until a packet is
> received).  You can write a polling loop using select, that doesn't block.
> The cleanest thing to do is have a thread for client(s) and one for
> server.
> I have done this with C++17 with TLS1_3_Client and TLS1_3_Server classes
> with accept loop member functions started as std::thread.
>
>
>
> -----
> Phillip Neumiller
> Platform Engineering
> Directstream, LLC
> --
> Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
>


-- 
This message is NOT encrypted
--------------------------------
Mr. Kristen J. Webb
Chief Technology Officer
Teradactyl LLC.
2450 Baylor Dr. S.E.
Albuquerque, New Mexico 87106
Phone: 1-505-338-6000
Email: kwebb at teradactyl.com
Web: http://www.teradactyl.com



Providers of Scalable Backup Solutions
   for Unique Data Environments

--------------------------------
NOTICE TO RECIPIENTS: Any information contained in or attached to this
message is intended solely for the use of the intended recipient(s). If
you are not the intended recipient of this transmittal, you are hereby
notified that you received this transmittal in error, and we request
that you please delete and destroy all copies and attachments in your
possession, notify the sender that you have received this communication
in error, and note that any review or dissemination of, or the taking of
any action in reliance on, this communication is expressly prohibited.


Regular internet e-mail transmission cannot be guaranteed to be secure
or error-free. Therefore, we do not represent that this information is
complete or accurate, and it should not be relied upon as such. If you
prefer to communicate with Teradactyl LLC. using secure (i.e., encrypted
and/or digitally signed) e-mail transmission, please notify the sender.
Otherwise, you will be deemed to have consented to communicate with
Teradactyl via regular internet e-mail transmission. Please note that
Teradactyl reserves the right to intercept, monitor, and retain all
e-mail messages (including secure e-mail messages) sent to or from its
systems as permitted by applicable law
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20191115/32ca7990/attachment-0001.html>


More information about the openssl-users mailing list