For our application we have a corner case that involves an SSL stream being
tunneled through another SSL stream.  In other words, we already have an
SSL session with the client, and inside that session the client wants to
create another tunnel.

Is it possible to create a BIO off an existing SSL object?  The result
being that SSL_read will read and decrypt bytes from another SSL object
which is reading and decrypting bytes from a file descriptor?

The alternative will be creating a bidirectional pipe and shuffling bits in
and out of it, and thus to the second SSL instance through the kernel,
which I'd like to avoid.

I feel like this explanation is awkward, so I'll try to clarify with a
description of what's happening:

1) Client connects to us and negotiates an SSL tunnel
2) Client talks to us with this SSL tunnel for a while.
3) Client wants to fire up another tunnel inside this tunnel, issues an HTTP
CONNECT call.
4) We now need to do an SSL handshake inside the first tunnel.

The application is an HTTPS proxy server with support for transparent
decryption of HTTP connect calls.

-- 
*David Hinkle*

*Senior Software Developer*

*Phone:*  800.243.3729x3000

*Email:*  hin...@cipafilter.com

*Hours:*  Mon-Fri   8:00AM-5:00PM (CT)
