Issues implementing an async certificate validation engine
Date: Tue, 11 Feb 2020 16:28:00 +0000
This is my first post here, I need some help with certificate validation. I used curl multi interface and CURLOPT_SSL_CTX_FUNCTION so that I can use SSL_CTX_set_cert_verify_callback() and SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ASYNC) to provide my own implementation of an async certificate validation engine. Such implementation uses IPCs to delegate certificate validation to another process. The idea is (pseudo code follows):
// this happens in process #1 in my_cert_verify_callback()
ctx = OPENSSL_malloc(sizeof(my_async_engine_ctx_t));
ctx->job = ASYNC_get_current_job()
ctx->wait_ctx = ASYNC_get_wait_ctx(job)
ASYNC_WAIT_CTX_set_wait_fd(ctx->wait_ctx, ctx, ctx->fds, ctx, my_async_engine_cleanup_cb);
async_validation_request(ctx->fds, cert, cert_len); // this requests cert validation to process #2 via IPC
read(ctx->fds, &validation_result, sizeof(validation_result));
For simplicity I omitted error checks (in my runs I have no error in any of the mentioned functions). When async response comes in, via IPC, what I do is:
// this happens in process #1
write(write_fd, &status, sizeof(status)); // I verified write_fd == ctx->fds
I see 2 different issues with this:
1. ASYNC_pause_job() can wake up before write(). It will then block on the read(), which is too bad in my single-threaded code.
2. I fixed case 1 by making read() non-blocking, I then run ASYNC_pause_job() again and again until write() is actually performed. So now I hit another issue. Time between printf("pause") and write() is ~100/200 milliseconds. However time between write() and printf("resume") is usually ~4.5 seconds and this way too much.
Is there a reliable way (only when data is really ready) and a prompt way (in order of micro/milli-seconds) to wake up from ASYNC_pause_job()?
Many thanks, any help would be much appreciated.
Valerio Di Gregorio