• Registered: 2015-11-29
  • Posts: 1

Topic: Preserve SSL state across exec()

I currently have a non-SSL web server (written from scratch) that does some special processing on the back-end. The server itself has a near-100% uptime requirement, and so I have built a special method to allow me to make changes and updates to the codebase without losing any active TCP connections:

1. Write all context information about every TCP connection to a file.

2. Call exec() to load the new executable, which contains the new code changes (all file descriptors remain active through this step).

3. Read context information back from the file, and link that context up to the existing TCP connection FDs.

I would like to incorporate WolfSSL into this application in order to service HTTPS requests.

Is there a way to dump WolfSSL-specific context and state information for every connected TCP socket, so that I can load it all back into my process after an exec() and allow the SSL processing to continue right where it left off (with the users unaware)?

Share

  • From: Bozeman, MT
  • Registered: 2010-10-20
  • Posts: 647

Re: Preserve SSL state across exec()

Hi byron,

We don't currently have a way to serialize all information in a wolfSSL context or session.  The closest we have to that the feature to save the certificate cache and session cache:

--enable-savesession - enabling this option will allow an application to persist (save) and restore the wolfSSL session cache to/from memory buffers.

--enable-savecert - enabling this option will allow an application to persist (save) and restore the wolfSSL certificate cache to/from memory buffers.

Best Regards,
Chris

https://www.wolfssl.com

chrisc's Website

Share