I've made the first round of OpenSSL patches (that is, support for
OpenSSL within conserver) available. You can find them at
ftp://ftp.conserver.com/conserver/openssl-patches/ or
http://www.conserver.com/openssl-patches/ in the file
7.2.3-to-7.2.4-alpha1.patch.
I want to warn folks again that's it's a very basic implementation of
the SSL bits. There is no certificate exchange, and there are more
than likely many ways to make the code crash (both client and server).
But, I have successfully make the new code do it's thing (encrypted
connections) as well as talk to the old code (7.2.3) non-encrypted.
It's surprisingly functional, but I can't guarantee you won't make it
choke immediately or that it won't leak memory like a sieve. With the
first level of functionality there, I'll be looking into these types of
things next. But, I wanted it available so that interested folks could
look and play and hopefully point out all the bad things I did (or
didn't do) with the OpenSSL API.
Here's the CHANGES file additions, to show what I've got...
version 7.2.4 ():
- added --with-openssl for client/server encryption
- added -E option to client and server to allow for non-encrypted
connections (encryption is the default if compiled in)
- expanded -V output to show what optional bits actually got
compiled into the code (libwrap, regex, etc)
Bryan Stansell
OpenSSL within conserver) available. You can find them at
ftp://ftp.conserver.com/conserver/openssl-patches/ or
http://www.conserver.com/openssl-patches/ in the file
7.2.3-to-7.2.4-alpha1.patch.
I want to warn folks again that's it's a very basic implementation of
the SSL bits. There is no certificate exchange, and there are more
than likely many ways to make the code crash (both client and server).
But, I have successfully make the new code do it's thing (encrypted
connections) as well as talk to the old code (7.2.3) non-encrypted.
It's surprisingly functional, but I can't guarantee you won't make it
choke immediately or that it won't leak memory like a sieve. With the
first level of functionality there, I'll be looking into these types of
things next. But, I wanted it available so that interested folks could
look and play and hopefully point out all the bad things I did (or
didn't do) with the OpenSSL API.
Here's the CHANGES file additions, to show what I've got...
version 7.2.4 ():
- added --with-openssl for client/server encryption
- added -E option to client and server to allow for non-encrypted
connections (encryption is the default if compiled in)
- expanded -V output to show what optional bits actually got
compiled into the code (libwrap, regex, etc)
Bryan Stansell