
curl-library

Re: SSL/TLS support using Windows SSPI Schannel API

From: Marc Hoersken <info_at_marc-hoersken.de>
Date: Mon, 23 Apr 2012 22:36:24 +0200

2012/4/23 Salisbury, Mark <mark.salisbury_at_hp.com>:
> Further clarification - I don't think you have to send ALL the data requested, you just have to send full chunks.  If you call Encrypt(), asking it to encrypt 32k bytes, but it only encrypts the first 4k, you need to fully send that 4k.

Ok, appending to my previous reply: In this case we need two internal
outgoing buffers. One which holds the decrypted/original data and one
which holds the already encrypted data for the next call to
write()/send().

You can figure out how many bytes can be encrypted at once using the
SecPkgContext_StreamSizes struct. See:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa380098.aspx

My implementation already uses this for the SSL/TLS packet header and
trailer. It currently returns an error if the data to be sent exceeds
the maximum message size. All these limitations can be fixed by using
the same double buffering approach which I am currently using for
receiving and applying it to sending, too.

Best regards,
Marc

Received on 2012-04-23