Oh, and I have just realized that it doesn't handle the `ssl3_get_cert_verify` case right now.
I'll figure it out tomorrow.

On Thu, Aug 28, 2014 at 2:26 PM, Fedor Indutny <fe...@indutny.com> wrote:

> Hello again!
>
> Here is a second patch that improves the first one. Additionally it copies
> and restores the packet data before/after calling out async callback.
> However it is almost evident for me that nothing could overwrite
> `s->init_buf->data` during async handshake, so if you feel confident about
> it - please let me know and I will revert everything except style changes
> in that 0002 patch.
>
> Cheers,
> Fedor.
>
> On Wed, Aug 27, 2014 at 1:05 PM, Fedor Indutny <fe...@indutny.com> wrote:
>
>> Oops, just realized that I pasted whole commit message into a subject.
>>
>> Anyway, CCing Rich Salz here.
>>
>> Rich,
>>
>> You seem to be on a wave on triaging tickets, maybe you could take a
>> look at this one eventually?
>>
>> Thank you,
>> Fedor.
>>
>> On Sat, Aug 23, 2014 at 10:08 PM, Fedor Indutny <fe...@indutny.com> wrote:
>>
>>> This patch is introducing `async_key_ex_cb` member of both `SSL_CTX` and
>>> `SSL`, and `SSL_supply()`. If `async_key_ex_cb` is present:
>>>
>>> * Server will ignore dummy RSA key, assuming that it is matching the
>>>   certificate.
>>> * Server will invoke this callback with either:
>>>   * `SSL_KEY_EX_RSA`
>>>   * `SSL_KEY_EX_RSA_SIGN`
>>>
>>>   as a `type` argument, and some data for signature or decryption in
>>>   `p`/`n` pair.
>>>
>>> At that time the sign/decryption may be performed on any thread, or even
>>> remotely, and the result should be supplied with `SSL_supply()`. Calling
>>> `SSL_supply()` will continue the handshake process without even touching
>>> the real private key.
>>>
>>> NOTE:
>>>
>>> The test is missing right now, I'll add it once we will figure out how
>>> the API should look like. Implementation appears to be working when used
>>> with node.js, see
>>> https://github.com/indutny/node/tree/feature/async-key-exchange and
>>> https://gist.github.com/indutny/948eaf9b5154eb395e8b for testing.
>>>
>>> ANOTHER NOTE:
>>>
>>> Pull Request on github: https://github.com/openssl/openssl/pull/162
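
Added example, not part of the thread and not code from the patch or from OpenSSL: a toy C model of the flow the quoted messages describe, where the handshake pauses in a callback, a separate key holder computes the answer, and a supply call resumes the handshake, with the packet data snapshotted before the callback and restored afterwards. Every `toy_*` name and signature is hypothetical, the input bytes are constructed, and XOR is a placeholder for the RSA operation.

```c
#include <stdint.h>
#include <string.h>
/* Toy model: every toy_* name is hypothetical; none of this is OpenSSL API. */
enum toy_type { TOY_KEY_EX_RSA, TOY_KEY_EX_RSA_SIGN };
enum toy_state { TOY_START, TOY_WAIT_KEY_OP, TOY_DONE };
struct toy_conn;
typedef void (*toy_cb)(struct toy_conn *c, enum toy_type t, const uint8_t *p, size_t n);
struct toy_conn {
    enum toy_state state; toy_cb async_key_ex_cb;
    uint8_t init_buf[16], saved[16], result[16];
    size_t n;                                  /* bytes used in init_buf */
};

/* Returns 1 when finished, 0 while paused waiting for the key holder. */
int toy_handshake(struct toy_conn *c) {
    if (c->state == TOY_START && c->n <= sizeof c->saved) {
        memcpy(c->saved, c->init_buf, c->n);   /* snapshot before calling out */
        c->state = TOY_WAIT_KEY_OP;
        c->async_key_ex_cb(c, TOY_KEY_EX_RSA_SIGN, c->saved, c->n);
    }
    return c->state == TOY_DONE;
}

/* Resume with the key holder's answer; refused unless an operation is pending. */
int toy_supply(struct toy_conn *c, const uint8_t *out, size_t n) {
    if (c->state != TOY_WAIT_KEY_OP || n != c->n) return -1;
    memcpy(c->init_buf, c->saved, c->n);       /* restore the packet data */
    memcpy(c->result, out, n);
    c->state = TOY_DONE;
    return 1;
}

/* Key holder: the only code that sees the secret. XOR stands in for RSA. */
static struct { struct toy_conn *c; const uint8_t *p; size_t n; } toy_queue;
static const uint8_t toy_secret = 0x5a;        /* constructed value */
void toy_enqueue(struct toy_conn *c, enum toy_type t, const uint8_t *p, size_t n) {
    (void)t; toy_queue.c = c; toy_queue.p = p; toy_queue.n = n;
}

int toy_key_holder_run(void) {
    uint8_t out[16];
    if (toy_queue.c == NULL) return -1;        /* nothing was ever requested */
    for (size_t i = 0; i < toy_queue.n; i++) out[i] = toy_queue.p[i] ^ toy_secret;
    return toy_supply(toy_queue.c, out, toy_queue.n);
}

int main(void) {
    struct toy_conn c = { .async_key_ex_cb = toy_enqueue, .init_buf = "ClientKeyEx", .n = 11 };
    return !(toy_handshake(&c) == 0 && toy_key_holder_run() == 1);
}
```

The state check in `toy_supply` is what stops a result from being accepted twice or before any request was issued.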