I've got a situation where a listener on the server receives a connection
then the client sends a login packet.  The server creates a new "worker"
process as the logged-in user and passes it the socket ID.  The worker
process takes over communication with the client (which is unaware of what's
happened on the server) and the listener listens for a new connection.  It's
old, mature software, running on Windows, that can't be changed that much
(large customer base).

Implementing OpenSSL, I've hit a wall.  I need to initiate SSL on the
connection in the listener, before the client sends the login packet as it
obviously shouldn't be sent in the clear.  There's no way to pass the SSL
objects to the new process, so I've been trying to close the SSL session and
initiate a new one on the still-open socket from the worker process.  

To do this, the listener sends a packet to the client when it starts the
worker process, telling the client to shut down its SSL.  The listener does
the same (calls SSL_shutdown then SSL_free).  The worker process sends a
packet in the clear to the client on the socket (this works), then calls
SSL_new, BIO_new_socket, SSL_set_bio and SSL_accept.  When the client gets
the packet in the clear from the worker process, it also calls SSL_new,
BIO_new_socket, SSL_set_bio and then SSL_connect.  So far so good, it all
appears to work.

The client can then send messages to the server worker process using
SSL_write, and the worker receives them OK.  However, when the worker sends
something to the client, nothing comes through - SSL_read fails.

In summary, is there any way of closing an SSL session on a socket, then
opening a brand new one?

regards,
Andrew