
Re: [Chicken-users] openssl egg


From: Thomas Christian Chust
Subject: Re: [Chicken-users] openssl egg
Date: Wed, 23 May 2007 15:38:07 +0200
User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.2) Gecko/20070221 SeaMonkey/1.1.1

Goetz Isenmann wrote:

> [...]
> I try to create a https connection tunneling through a proxy.
> 
> Therefore I have to (1) create an unencrypted tcp connection to the
> proxy, (2) tell the proxy to create a tunnel to the server's https
> port (CONNECT host.domain:port HTTP/1.0), (3) wait for a positive
> response (HTTP/1.0 200 Connection established), and (4) initiate a
> SSL handshake over this already established connection.
> 
> Looks like the current openssl egg does not support this (step 4).
> 
> May I suggest a change?
> [...]
> Beware: I have never done anything in scheme, I can only guess, what
> that values, cut, and wrap business might do.

Hello Goetz,

your patch looks correct so far. The reason why I didn't include a
procedure like that in the egg in the first place is that its existence
suggests the possibility to wrap an SSL transport layer around any given
pair of input and output ports. That is unfortunately not the case,
though. Currently it is only possible to create an SSL wrapper for a
file descriptor.

What do others think about this: Should an ssl-start procedure be
included in the OpenSSL egg and if yes, should it try to extract a file
descriptor from given ports, should it be given a file descriptor
directly or should it maybe really create a wrapper around the given
ports and pass that to OpenSSL?

> BTW: Does this #!optional port make sense? Isn't it a required argument?

The port argument doesn't have to be passed if you include the port
specification in the hostname argument (e.g. "ftp:localhost"). See the
documentation of tcp-connect for more information.

cu,
Thomas
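
The four steps from the quoted message, as an added example in Python (not part of the original thread and not the openssl egg's code; the function names are assumptions of this example). It starts TLS on the descriptor of the already connected socket, the case described above as possible, and checks the certificate against the target host rather than the proxy.

```python
import socket
import ssl


def open_tunnel(sock, host, port):
    """Steps 2-3: request a tunnel from the proxy and wait for a 2xx status."""
    if any(c in host for c in "\r\n \t"):
        raise ValueError("invalid host")  # keep CR/LF out of the request line
    sock.sendall(f"CONNECT {host}:{int(port)} HTTP/1.0\r\n\r\n".encode("ascii"))
    head = b""
    # Read byte by byte so nothing after the blank line is consumed:
    # those bytes already belong to the TLS stream.
    while not head.endswith(b"\r\n\r\n"):
        if len(head) > 8192:
            raise ConnectionError("proxy response header too large")
        chunk = sock.recv(1)
        if not chunk:
            raise ConnectionError("proxy closed the connection early")
        head += chunk
    parts = head.split(b"\r\n", 1)[0].split(None, 2)
    ok = (len(parts) >= 2 and parts[0].startswith(b"HTTP/")
          and len(parts[1]) == 3 and parts[1].isdigit()
          and parts[1][:1] == b"2")
    if not ok:
        raise ConnectionError(f"proxy refused CONNECT: {head[:80]!r}")
    return head


def start_tls(sock, host):
    """Step 4: TLS handshake over the already established socket."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    # server_hostname is the tunnelled server, not the proxy.
    return ctx.wrap_socket(sock, server_hostname=host)


def connect_via_proxy(proxy_host, proxy_port, host, port=443):
    sock = socket.create_connection((proxy_host, proxy_port))  # step 1
    try:
        open_tunnel(sock, host, port)
        return start_tls(sock, host)
    except Exception:
        sock.close()
        raise
```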




