On November 27, 2002 12:33 pm, Le Saux, Eric wrote: > Yes, very interesting. > > This is another way of adding compression to the data pipe. > I have not looked at the code, but I assume that the compression state > is maintained for the whole life of the communication channel, which is > what gives the best results.
Um, out of curiosity ... wouldn't this be the easiest way to implement a custom compression method anyhow? Ie. define the compression method so that the SSL/TLS handshake can take care of agreeing (or not) about compression at each end, but do not implement the method inside SSL/TLS processing - ie. if that compression method is agreed, cause a zlib BIO to be inserted (or removed, in the case of a renegotiation perhaps) onto the application side of the SSL object's BIO chain (um, actually "chains", one each for read and write I suppose) ... this essentially does what Pablo was referring to but lets the SSL/TLS handshake take care of negotiating compression with the peer. The latter is the problem with just putting the compression layer inside the SSL/TLS layer, you need an out-of-band (read: application) mechanism to decide when to use it or not. It sounds a bit magic(k) though ... hmm ... perhaps buffering/flushes would be the problem when applications use non-blocking sockets? If not, this sounds easier than putting the zlib manipulation inside the SSL/TLS layer and would probably give faster and better compression too. oh yes: Pablo J Royo wrote; > I think the BIO would mantain the context (as z_stream struct of ZLIB > do) among several calls to BIO_write/read, so if you want to compress > communication data you have to chain this "zBIO" with a socket BIO. almost - presumably the socket BIO you refer to is on the SSL/TLS data side rather than the application data side, in which case your compression won't do much. Compression is only useful on the assumption that the application data itself is compressible, and by the time you get SSL/TLS data - it's (hopefully) too well encrypted for compression to have much effect. :-) I assume you ment to chain it with a memory/buffer BIO? Ie. going from; --> write_BIO --> >-- \ [app] [SSL] socket_BIO <-- read_BIO <-- <-- / to; --> write_BIO --> zlib_BIO --> >--\ [app] [SSL] socket_BIO <-- read_BIO <-- zlib_BIO <-- <--/ ? Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.geoffthorpe.net/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]