UCSPI-TLS for s6-networking?

From: Amitai Schleier <schmonz-lists-djb-skarnet_at_schmonz.com>
Date: 16 Nov 2020 11:05:25 +0100

Hi! I just met s6-networking and am wondering whether it might suit some
of my needs. I see UCSPI tools analogous to those in ucspi-tcp and
ucspi-ssl, except more composable. That's why I'm here :-)

Way back in the day, Scott Gifford and Charlie Brady designed an
UCSPI-TLS interface for "delayed encryption" of services that start
unencrypted -- for instance, an SMTP client and server negotiating
STARTTLS. Here's an introduction (or maybe reminder):

I think it's a lovely interface. My own TLS and AUTH implementation for
unpatched qmail-smtpd, qmail-pop3d, and ofmipd
(https://schmonz.com/qmail/acceptutils) relies on it. At present, the
only ready-to-run UCSPI-TLS implementation I'm aware of is Erwin
Hoffmann's ucspi-ssl fork, which includes the "sslserver -n" portion of
the original implementation but not yet the corresponding "sslclient

If my code -- and perhaps notqmail's
(https://github.com/notqmail/notqmail/wiki/Designs) -- could run equally
well under s6-networking, that would be really cool. Could UCSPI-TLS be
made to fit nicely into s6-networking's design? If so, would you be
willing to consider implementing it?

For reference, here's what I believe is the latest version of Gifford
and Brady's code, including both client and server implementations for
William Baxter's ucspi-ssl:


- Amitai
Received on Mon Nov 16 2020 - 10:05:25 UTC

This archive was generated by hypermail 2.3.0 : Sun May 09 2021 - 19:38:49 UTC