[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: Proposal for the SSL stuff
From:       Alex Zepeda <jazepeda () pacbell ! net>
Date:       2000-07-25 21:14:17
[Download RAW message or body]

On Tue, 25 Jul 2000, David Faure wrote:

> What hasn't been discussed is : what should https:// and other SSL protocols
> do when there is no SSL support ? Silently use the non-ssl protocol,
> (which I believe they do now?), show an error/warning, ... ?
> If they do anything, then separating binaries doesn't make sense,
> since a kio_https binary is needed even if there is no ssl support...

Ugh. Look at how the pop3 ioslave does it.  

  // Are we looking to use SSL?
  if (strcasecmp(argv[1], "pop3s") == 0)
        slave = new POP3Protocol(argv[2], argv[3], true);
  else
        slave = new POP3Protocol(argv[2], argv[3], false);

Therebydoing this in the TCPSlave base, instead of having it do:

#ifdef HAVE_SSL
        if (m_bIsSSL) {
                return SSL_read(ssl, static_cast<char *>(data), len);
        } else
#endif
        {
                return ::read(m_iSock, data, len);
        }

We could do something else.  Noting that SSL_read is the function provided
by openssl.  Now, if that were replaced by a stub in another library that
would be dlopened if m_bIsSSL were true... and it would provide something
analogous to SSL_read.  If the library was compiled without SSL support it
would let someone know via an error, and the slave would die off.

Now one can't just dlopen the openssl libs because that would require the
thing doing the dlopening to know about the openssl structures.  However,
if one were to wrap them in a library exporting generic read/write/auth
functions and generic structures, all would be well.  This would also
allow for another ssl implementation to take its place.

- alex

[prev in list] [next in list] [prev in thread] [next in thread]