[ejabberd] Memory use with SSL connections

Simon Josefsson simon at josefsson.org
Tue Jan 20 12:45:49 MSK 2009


Evgeniy Khramtsov <xramtsov at gmail.com> writes:

>>or might
>>one of the light libraries with flakey standards coverage (e.g.,
>>yassl) work well enough?
>>
> OpenSSL has a very important benefit: it doesn't require socket
> descriptors to be passed to its API functions. Other libraries
> (gnutls, yassl) need sockets to be passed to their functions
> (furthermore, sockets must be in blocking mode!!), but this is not
> acceptable in Erlang of course. At least I didn't see alternative
> libraries without this restriction.

That's not true, GnuTLS does not require that.  GnuTLS works fine with
non-blocking sockets.  You can also replace the socket operations with
your own push/pull functions, to completely avoid passing any socket to
GnuTLS.

For a minimal in-memory example of a TLS client+server implementation
without threads or sockets using GnuTLS, see:

http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=blob;f=tests/mini.c;hb=HEAD

The APIs to use for setting your own push/pull functions are
gnutls_transport_set_push_function and
gnutls_transport_set_pull_function.

Hope this helps,
/Simon

