Hi,

I am trying to build an SSL stream pipe component and I am stuck, so I
am hoping someone can point me in the right direction.

The component is used like this:

        let p = CC['sslpipe'].createInterface(CI.ISSLPipe);
        p.init();
        p.write("GET / HTTP/1.0\r\n\r\n");

Now when p.read(count); is called, it should start the SSL negotiation
process and start encrypting the text that is sent via write.

This design allows it to be used easily in input and output stream
wrappers in order to create SSL servers and clients. As such, it will
be possible to create XPCOM HTTP servers that support SSL or generic
SSL clients which allow for the SSL communication to start at any
stage of the session.

My understanding of NSS and NSPR is that of a novice programmer. Here is
what I have so far:

The init method creates an anonymous pipe with PR_CreatePipe. The
method sets up read and write file descriptors. The write file
descriptor is wrapped in SSL with the SSL_ImportFD method. Further SSL
options are set afterwards. SSL_SetURL is also set for completeness,
although if it is possible to ignore it, it would be great. Then
SSL_ResetHandshake is called, followed by SSL_ForceHandshake. This is
the code:

        if (PR_CreatePipe(&rfd, &wfd) == PR_FAILURE) {
                return NS_ERROR_FAILURE;
        }

        sfd = SSL_ImportFD(NULL, wfd);

        if (sfd == NULL) {
                return NS_ERROR_FAILURE;
        }

        SSL_OptionSet(sfd, SSL_ENABLE_SSL2, PR_TRUE);
        SSL_OptionSet(sfd, SSL_V2_COMPATIBLE_HELLO, PR_TRUE);
        SSL_OptionSet(sfd, SSL_ENABLE_SSL3, PR_TRUE);
        SSL_OptionSet(sfd, SSL_ENABLE_TLS, PR_TRUE);

        SSL_SetURL(sfd, "test.com");

        SSL_ResetHandshake(sfd, false);
        SSL_ForceHandshake(sfd);

        return NS_OK;

The problem is within the write method of the component, which fails
for some unknown reason. Here is the code I am using for testing:

                char b[] = { "12345" };
                int result = PR_Write(sfd, &b, 5);

                if (result <= 0) {
                        printf("%d\n", PR_GetError());
                        return NS_ERROR_FAILURE;
                }

And this is where I am stuck. I know that SSL_ImportFD is generally
used on sockets, but since it accepts PRFileDesc structures I thought
it could work on anonymous pipe descriptors as well. The documentation
also suggests that this could be possible.

Does anyone have any idea why this is not working?
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
