Thanks so much! Not sure how the Squid GET https:// can help me, as I want to talk bidirectionally between client and server after the handshake and keep that connection alive. GET https:// sounds a lot like the connection will be closed after one request. Perhaps my question was not clear in this regard in the first place or I currently cannot yet make sense of the solution.
I am still in the process of understanding how the network_biopair_interop() works exactly, but I think I got the general idea and how to transfer it.
Is there any literature you can recommend that explains the difference between BIO_push, BIO_make_bio_pair and manually reading and writing to mem BIOs?
Also, I am not entirely sure I understood when to use which BIO. If I create two BIO_new_SSL and chain/make_pair them together, the data should be "double encrypted" when I SSL_read from the chain, right? Or do I need a memory BIO in-between for some reason?
Sorry, looks like I am overall a bit confused...
Thomas
Viktor Dukhovni wrote on Saturday, November 30, 2024 at 05:08:20 UTC+1:
On Thu, Nov 28, 2024 at 11:11:46PM -0800, Thomas K wrote:
> Any suggestions and advice on how to do this properly is very welcome (also
> something like "Configure your proxy to open the second TLS connection" or
> similar, if you think that's the most reasonable way).
You can use the biopair API to extract ciphertext from the inner SSL,
and write it into the outer SSL, and conversely read from the outer
SSL and inject ciphertext into the inner SSL.
Though Postfix no longer uses this approach to move data between SSL
and "vstream" sockets, you can still find it in the source of
older releases:
https://github.com/vdukhovni/postfix/blob/postfix-2.3/postfix/src/tls/tls_bio_ops.c
See the embedded nroff docs and network_biopair_interop().
--
Viktor.