与子进程共享SSL套接字 [英] Share SSL socket with child process

问题描述

我在需要支持wss://的服务器上工作.服务器需要处理websocket标头，以识别请求，然后可以决定将SSL上下文传递给工作进程.目前，服务器使用OpenSSL进行SSL通讯，但是据我了解，使用OpenSSL无法在进程之间共享安全套接字(在父进程中使用SSL_SESSION，在子进程中使用d2i_SSL_SESSION/SSL_CTX_add_session进行尝试)-参考: http://openssl.6102.n7.nabble.com/How-to-share-SSL-sessions-between-parent-and-child-process-when-doing-fork-exec-td11077.html

I'm working at a server that needs to support wss://. The server needs to process the websocket header, to identify the request, and then may decide to pass the SSL context to a worker process. For now, the server uses OpenSSL for SSL comunications, but from my understanding sharing a secure socket between processes is not possible with OpenSSL (tried with SSL_SESSION in parent process and d2i_SSL_SESSION/SSL_CTX_add_session in child process) - reference: http://openssl.6102.n7.nabble.com/How-to-share-SSL-sessions-between-parent-and-child-process-when-doing-fork-exec-td11077.html.

我正在寻找其他可能允许这样做的SSL库，目前正在研究NSS.

I'm looking to other SSL libraries that may allow this, currently looking at NSS.

任何成熟的开源SSL库都可以做到这一点吗?

Is this possible with any mature open source SSL library?

推荐答案

经过几个月的尝试，找到了使用libssl实现此目标的方法之后，我决定进行自己的TLS实现.如果没有了解和修改libssl(或libressl)，我发现无法实现此功能.我仍然认为这是可能的，只是我没有找到方法.我已经从头开始实现了TLS库，并将其放在 github 上.现在，我有了两个必需的函数tls_export_context和tls_import_context.

After a few months of trying to find a way to achieve this with libssl, I decided to make my own TLS implementation. I found no way of implementing this functionality without understanding and modifying libssl (or libressl). I still think is possible, I just didn't find a way. I've implemented a TLS library from scratch and put it on github. Now I have the two needed functions tls_export_context and tls_import_context.

这篇关于与子进程共享SSL套接字的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！