(START)TLS between servers?
Russ Allbery
rra at stanford.edu
Mon Apr 4 19:45:31 UTC 2011
Steve Crook <steve at mixmin.net> writes:
> On Sun, Apr 03, 2011 at 03:23:25PM -0700, Russ Allbery wrote:
>> nnrpd was very easy to add TLS support to because every connection to
>> nnrpd has its own separate process. Both innd and innfeed make heavy
>> use of non-blocking I/O. The TLS libraries do have some support for
>> that, but my experience is that it's very difficult to get it to work
>> properly.
> I think libevent might help with this scenario:
> http://monkey.org/~provos/libevent/
Yeah, libevent is basically a generic implementation of the innd channel
infrastructure. Probably the best way to move forward with this (and with
many things in innd, actually) would be to see if we could replace
channels with libevent so that we could stop maintaining our own version
of the same basic idea. That would also, it looks like, give us poll
support for "free."
However, because innd channels were never a separate library, a lot of
INN-specific stuff has snuck into the channel layer, such as prioritizing
certain channels over others and some special-case handling of local UNIX
domain socket connections. Replacing this is quite a bit of work, and is
one of those things that could end up as a half-finished project (like
fixing the overview and history APIs).
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<http://www.eyrie.org/~eagle/faqs/questions.html> explains why.