Hi All,
I'm looking in to delaying the initialization of the NSPR/NSS/SASL
libraries until their respective functionalities are actually
needed. I've run into something that is causing me some confusion;
namely the dependency (if any) between PDU_FLAG_SECURE and
PDU_FLAG_COMPRESS. These correspond to the secure sockets (SSL/TLS)
and compression features of PCP servers. Here is why I am confused:
- The code in __pmSecureServerHasFeature() indicates that all
secure servers support compression. This implies that all we
need is an NSPR file descriptor in order to support compression.
- The code in __pmSecureClientIPCFlags() tests these flags
independently, however it uses the sslFd field of the
IPC socket data in a call to SSL_OptionSet(), which implies that
we can't have compression without ssl (i.e. can't have
PDU_FLAG_COMPRESS without PDU_FLAG_SECURE).
- The code in __pmSecureServerIPCFlags() tests these flags
independently, and uses nsprFd field of the IPC socket
data in a call to SSL_OptionSet(), which on the one hand implies
that all we need is an NSPR file descriptor but on the other
hand also implies that we can't have compression without ssl.
- The NSPR/NSS docs for SSL_ENABLE_DEFLATE seem to link
compression with SSL/TLS
So the question is, do we need an SSL/TLS file descriptor in order
to support compression, or just an NSPR file descriptor. It looks to
me like SSL is needed for compression, but I need to know for sure
so that I know under which conditions to initialize NSS in addition
to NSPR.
While we're at it, is there any relationship between these flags and
PDU_FLAG_AUTH (SASL?). i.e. is a secure connection required for
authentication?
Thanks,
Dave
|
|