
Secure Client/Server Features Confusion

To: PCP Mailing List <pcp@xxxxxxxxxxx>
Subject: Secure Client/Server Features Confusion
From: Dave Brolley <brolley@xxxxxxxxxx>
Date: Tue, 05 Aug 2014 17:53:08 -0400
Delivered-to: pcp@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0

Hi All,

I'm looking into delaying the initialization of the NSPR/NSS/SASL libraries until their respective functionalities are actually needed. I've run into something that is causing me some confusion, namely the dependency (if any) between PDU_FLAG_SECURE and PDU_FLAG_COMPRESS. These correspond to the secure sockets (SSL/TLS) and compression features of PCP servers. Here is why I am confused:
  • The code in __pmSecureServerHasFeature() indicates that all secure servers support compression. This implies that all we need is an NSPR file descriptor in order to support compression.
  • The code in __pmSecureClientIPCFlags() tests these flags independently; however, it uses the sslFd field of the IPC socket data in a call to SSL_OptionSet(), which implies that we can't have compression without SSL (i.e. can't have PDU_FLAG_COMPRESS without PDU_FLAG_SECURE).
  • The code in __pmSecureServerIPCFlags() tests these flags independently, and uses the nsprFd field of the IPC socket data in a call to SSL_OptionSet(), which on the one hand implies that all we need is an NSPR file descriptor but on the other hand also implies that we can't have compression without SSL.
  • The NSPR/NSS docs for SSL_ENABLE_DEFLATE seem to link compression with SSL/TLS.
So the question is, do we need an SSL/TLS file descriptor in order to support compression, or just an NSPR file descriptor? It looks to me like SSL is needed for compression, but I need to know for sure so that I know under which conditions to initialize NSS in addition to NSPR.

While we're at it, is there any relationship between these flags and PDU_FLAG_AUTH (SASL?), i.e. is a secure connection required for authentication?

Thanks,
Dave