Opened 3 weeks ago

Closed 3 weeks ago

Last modified 2 weeks ago

#2180 closed enhancement (fixed)

Refactoring SSL socket backend implementations

Reported by: ming Owned by: ming
Priority: normal Milestone: release-2.9
Component: pjlib Version: trunk
Keywords: Cc:
Backport to 1.x milestone: Backported: no


There are currently a lot of duplication in the SSL backend implementation, which causes major issues, maintenance difficulties, as well as unnecessary complexity when trying to add a new SSL backend.

The major issues are primarily due to revision differences (one backend (OpenSSL) gets updated/fixed a lot, while the other (GnuTLS) lags way behind). These create behavioral differences, where new features such as the new callback on_accept2() is only available for OpenSSL, and potential security problem, since bug fixes are only applied to one backend, while leaving the others exposed.

Thus refactoring is necessary, to make sure that shared codes are put in a separate file.

Change History (4)

comment:1 Changed 3 weeks ago by ming

  • Owner set to ming
  • Resolution set to fixed
  • Status changed from new to closed

In 5938:

Fixed #2180: Refactoring SSL socket backend implementations

comment:2 Changed 3 weeks ago by ming

In 5940:

Re #2180: Fixed incorrect early return in pj_ssl_sock_renegotiate()

comment:3 Changed 3 weeks ago by ming

In 5941:

Re #2180: Suppress warning of unreferenced function parameters

comment:4 Changed 2 weeks ago by nanang

In 5951:

Re #2180: Added ssl_sock_imp_common.h/c to PJLIB MSVC2005 project (excluded for build).

Note: See TracTickets for help on using tickets.