[I'm pointing this here so that it gets archived in case it gets lost in
my inbox. Sorry if it is a little long; future replies will be trimmed.]

Hi Daniel,

Yes; we should Cc this to php-dev.

The ssl_turned_on flag would belong to the implementation of a socket
based stream. The streams implementation would then know which read
method to use internally.

I'm not 100% sure how to go about this without spending some more time
looking into it (I don't have much time either); it might require a
little bit of fancy footwork to make sure this all sticks together
properly.

The concept is that there will be either a function such as
php_stream_enable_ssl(stream, bEnable) OR, we could have an ioctl()
style interface for streams.

What do you php-dev guys think?

--Wez.

> Hi Wez,
>
> thanks a lot for the detailed answer. I think I got a good impression of
> what will be to do. And I think I was right when I said that integrating
> ssl into the main branch (streams and files) would be a task that needs
> a lot of php-internal know-how. Would be an interesting job, but I don't
> have the time to get it done.
>
> However the ssl-on/off option done in plain C is not more than 100
> lines of code. If you take a short look at openssl/demo/ssl/cli.cpp and
> serv.cpp. That's all one has to do to get it done. I have done a C++
> Client implementation based on that code on my windows product, and it
> took me about half a day to get it to work. I could do it in the php-code
> as well. My main problem is: if I do the ssl_on(handle) ssl_off(handle)
> how will I do the read/write ops? In fread/fwrite? Where can I set the
> 'ssl_turned_on' flag attached to a stream?
>
> Perhaps you have got some short ideas for me, so I can implement it in a
> way that helps later development and integrates into php as long as it
> takes to get the stream architecture finished. Or I will supply you with
> some quick code samples doing exactly what most ssl-stuff deals with.
> Server + Cert takes a client req with/without cert. Cert verifying can
> be done by the functions you already implemented.
>
> Thanks in advance for your help. And: should we CC some mailing list for
> further communications?
>
> bye, Daniel
>
> Wez Furlong wrote:
> >
> > Hi Daniel,
> >
> > It's on my TODO, but requires that all the file IO in PHP gets rewritten
> > first (see README.STREAMS in the root of the php4 source).
> >
> > I'm currently very busy on a couple of contracts so it will be at least
> > 1 month before I can put some time into it.
> >
> > You can help me out here; we had briefly considered turning SSL on/off
> > on a regular socket but had forgotten about it.
> > If you could provide me with a little sample code of how this can be
> > done, then I can factor it into the streams design.
> >
> > If you need SSL capability sooner, someone posted a patch that implements
> > openssl enabled sockets (search the mailing list archives for openssl_read
> > or something similar); however, it definitely won't let you turn SSL on/off
> > on already opened sockets.
> >
> > If you are willing to put some (grunt) work into it, the main thing holding
> > this stuff up is that all of the extensions need to be prepared to switch to
> > php_streams (using ifdefs so the original code still works), we then need
> > to finish up the streams implementation of fopen wrapper and then we can
> > switch over to streams.
> > And finally, we can implement SSL streams (and that will be an easy task).
> >
> > --Wez.
> >
> > > -----Original Message-----
> > > From: Daniel Gleichauf [mailto:[EMAIL PROTECTED]]
> > > Sent: 10 August 2001 14:37
> > > To: Wez Furlong
> > > Subject: OPENSSL Integration
> > >
> > >
> > > Hi Wez,
> > >
> > > sorry for the direct way of addressing you, but there seems to be bare
> > > information about how to submit one single question about something
> > > without having to deal with the whole php-user-list-traffic.
> > >
> > > My problem is, that I should program an smtpd in php. This is a nice
> > > job, and I don't think it'll take too long, but there should be an ssl
> > > negotiation integrated. After fuzzling around with quite a lot of
> > > stunnel etc. ideas I thought it would be best if I would be able to do
> > > the ssl_read from within the php_smtpd.
> > >
> > > I took a deep look in the php-sources but it seemed close to impossible
> > > to me to integrate the ssl-read/write logic within these
> > > fopen/fget-wrappers. The thing about is that not the whole stream is
> > > encrypted, but the encryption starts at a specific point of the
> > > client-server-communication, and it may end as well without dropping the
> > > line. So I needed something that gets on top of an already opened
> > > file-pointer (should be a network or stdin/out-stream in reality) and
> > > from that point the communication gets read and written through those
> > > openssl SSL_read/SSL_write functions.
> > >
> > > Have you got any hints for me, or will or are these openssl routines
> > > (be) developed by someone else already?
> > >
> > > Thanks a lot in advance,
> > >
> > > Daniel
--
PHP Development Mailing List <http://www.php.net/>
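
The design discussed in this thread, as an added example (not code from the thread or from PHP): the SSL flag lives inside the socket stream, callers keep a single read function, and the switch is refused while plaintext is still sitting in the stream's read buffer. All names are hypothetical, and `fake_ssl_rd` is a placeholder for a transport that would call `SSL_read`.

```c
/* Added example; all names are hypothetical, this is not PHP's streams API. */
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

typedef struct stream stream;
struct stream {
    int fd, ssl_on;                           /* flag lives in the stream */
    ssize_t (*rd)(stream *, void *, size_t);  /* transport read in use */
    char buf[256];                            /* read-ahead buffer */
    size_t len;                               /* bytes waiting in buf */
};
static ssize_t plain_rd(stream *s, void *b, size_t n) { return read(s->fd, b, n); }

/* Placeholder where SSL_read() would go; the bit flip is NOT encryption. */
static ssize_t fake_ssl_rd(stream *s, void *b, size_t n) {
    ssize_t r = read(s->fd, b, n);
    for (ssize_t i = 0; i < r; i++) ((unsigned char *)b)[i] ^= 0xFF;
    return r;
}

/* Callers always use this; the stream picks the transport internally. */
static ssize_t stream_read(stream *s, void *out, size_t n) {
    if (s->len == 0) {
        ssize_t r = s->rd(s, s->buf, sizeof s->buf);
        if (r <= 0) return r;                 /* EOF or error */
        s->len = (size_t)r;
    }
    if (n > s->len) n = s->len;
    memcpy(out, s->buf, n);
    memmove(s->buf, s->buf + n, s->len - n);
    s->len -= n;
    return (ssize_t)n;
}

/* Bytes buffered before the switch arrived unprotected: refuse to switch. */
static int stream_enable_ssl(stream *s, int enable) {
    if (s->len != 0) return -1;
    s->ssl_on = (enable != 0);
    s->rd = s->ssl_on ? fake_ssl_rd : plain_rd;
    return 0;
}

int main(void) {                              /* constructed input below */
    int sv[2]; char out[16];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 2;
    stream s = { .fd = sv[0], .rd = plain_rd };
    if (write(sv[1], "STARTTLS\r\nMAIL", 14) != 14) return 2;
    if (stream_read(&s, out, 10) != 10) return 2;
    return stream_enable_ssl(&s, 1) == -1 ? 0 : 1;  /* 0: switch was refused */
}
```

In a real integration the enable step would also run the TLS handshake on `fd` before any further reads.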