[zeromq-dev] Experimental TLS transport

Lourens Naudé lourens at methodmissing.com
Tue Apr 16 13:53:02 CEST 2013


Hi Guys,

I synced my a TLS ( OpenSSL ) branch I've been working on ( well mostly
"off" than "on" due to time constraints ) the last few months as I've hit a
wall with some issues and was wondering if there's anyone in the community
with experience with OpenSSL, specifically :

* Async OpenSSL
* OpenSSL + threads ( there's still a nondeterministic issue that can be
reproduced with tests, but it's evading me )
* OpenSSL on windows

I'm also not sure if any of this would apply moving forward as I noticed
Pieter's working on a new auth and security layer and noticed the
discussions around a newer ZMTP 3.0 spec ( http://hintjens.com/blog:39 ).

Branch :

https://github.com/methodmissing/libzmq/tree/tls

Diff with current master :

https://github.com/methodmissing/libzmq/compare/tls

To build ( it's fully backwards compatible with master otherwise ) :

"./configure --with-tls"

Pending items :

* Haven't been tested on Windows
* Depends on system OpenSSL installation
* Support for tls:// in /perf
* Default certificates ?
* There's still some non-deterministic edge cases on connector shutdown
despite the OpenSSL static locks implemented ( triggers100% CPU from within
OpenSSL - mostly SSL_free )

Anyways - just wanted to put this out there to see if there's still an
interest and if someone more knowledgeable could lend a hand ...

- Lourens
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20130416/ac540db5/attachment.htm>


More information about the zeromq-dev mailing list