|
Alan,
Unfortunately, there isn't one single "good" answer to your question.
Different network protocols upgrade to SSL at different times.
For example, some protocols (SMTP, FTP, etc) have something like a
'STARTSSL' keyword. You connect in plain text, and then send the STARTSSL
keyword to tell the server you want to upgrade to SSL, and only when the
server responds with an "OK" message will you actually initiate SSL.
In HTTP, you can connect with SSL immediately -- but only if it's a direct
connect. If you're using a proxy, then you need to connect to the proxy,
tell the proxy to set up a tunnel, and once the tunnel is open, start SSL.
So in that case, you have to do some work in plaintext, and upgrade to SSL
later.
So, I typically have the "worker" job do the SSL upgrade, since it may
need to communicate in plaintext before the SSL upgrade.
To make things easier, I put all of the code for this stuff in a service
program (so I don't have to re-code all my SSL logic in every worker
application separately.)
Also, unless you're responding to a high-volume of requests, you might
consider using INETD so you don't have to write your own listener/spawner
jobs. (INETD does the listening for you, and spawns a worker job, so all
you have to do is write the worker job part.)
-SK
On 11/5/2014 4:02 PM, Alan Campin wrote:
Scott, I have written a socket server in RPG which as two components. AThis is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
Socket Server and a Worker Job that gets spawned. Works good but I am
thinking about adding SSL.
My question to you is where do you upgrade the socket to SSL. It would
seem
logical to upgrade the socket to SSL in the Socket Server program before
it
gets spawned to create the worker job but I was wondering.
When I spawn the new job, it passes the socket descriptor to the worker
program. If I upgrade the socket to be secure will that information be
passed to worker program or do I need to upgrade the socket after I arrive
at spawned worker job?
Hopefully this is clear. Thanks for any help.
--
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.