[Vortex] TLS listener and profiles

Francis Brosnan Blazquez francis at aspl.es
Tue Mar 29 12:32:31 CEST 2011


> Hello,

Hi Jason,

> I am attempting to construct a Vortex listener that can and will only
> accept TLS connections.  Currently I am able to make it so that the
> client is set up for TLS by default and the connection will fail unless
> TLS is accepted.  

Ok,

> But, I have yet to determine if it is possible to
> restrict the listener in this way.  It appears that there is no way to
> circumvent the initial insecure connection and establish an immediate
> secure connection.  Is this true?

Yes it is. At least for now. You still need initial BEEP session setup
to then go TLS.

> Alternatively, I require that upon connection, no profiles are available
> until a TLS connection has been created.  I have attempted creating
> checks on connection attempts in order to verify that the connection is
> TLSfied before I register the profile(s).  But, it appears the
> connection object is not available for this check immediately after
> TLSfication and is only available upon subsequent data transmission
> (such as a channel creation) from the client.  This is undesirable as
> any profiles would need to be created before a channel can be created,
> allowing any insecure connection immediate access to the profiles.
> Could you possibly steer me in the proper direction?

You might want to check a mix of
vortex_listener_set_on_connection_accepted (to have an early reference to
the connection prior to the BEEP greetings) and
vortex_connection_set_profile_mask (to control which profiles can run on
your connection).

Note that the handler configured at
vortex_listener_set_on_connection_accepted will be called twice (once for
the initial connection and once for the new connection object created after
successful TLS activation).

Cheers!

> Thank you in advance!
> 
> Jason
-- 
Francis Brosnan Blázquez <francis.brosnan at aspl.es>
ASPL
91 134 14 22 - 91 134 14 45 - 91 116 07 57
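
The combination suggested in the reply above, sketched as an added example (not code from the original message or from the Vortex project): a profile mask installed from the connection-accepted handler hides every profile except the TLS one until the connection is TLS-protected. The helper `profile_is_hidden` and the `WITH_VORTEX` build flag are hypothetical; the callback signatures are assumed to match the Vortex 1.1 headers and should be checked against the installed version.

```c
#include <string.h>

/* URI of the TLS transport security profile defined in RFC 3080. */
#define TLS_PROFILE_URI "http://iana.org/beep/TLS"

/* Hypothetical policy helper: 1 = hide the profile, 0 = let it through. */
int profile_is_hidden(int tls_active, const char *uri)
{
    if (tls_active)
        return 0;   /* secured connection: full profile set */
    if (uri != NULL && strcmp(uri, TLS_PROFILE_URI) == 0)
        return 0;   /* the only profile a plain connection may start */
    return 1;       /* fail closed, including a NULL uri */
}

#ifdef WITH_VORTEX  /* hypothetical flag: build against the Vortex headers */
#include <vortex.h>

/* Profile mask (signature assumed from Vortex 1.1): returning axl_true
 * filters the profile out for this connection. */
static axl_bool tls_only_mask(VortexConnection *conn, int channel_num,
                              const char *uri, const char *profile_content,
                              VortexEncoding encoding, const char *serverName,
                              VortexFrame *frame, char **error_msg,
                              axlPointer user_data)
{
    int tls_active = vortex_connection_is_tlsficated(conn) ? 1 : 0;
    return profile_is_hidden(tls_active, uri) ? axl_true : axl_false;
}

/* Called twice, as noted in the reply: for the plain connection and for
 * the connection object created after TLS activation. The mask reads the
 * TLS state on every call, so installing it both times is safe. */
static axl_bool on_accepted(VortexConnection *conn, axlPointer data)
{
    vortex_connection_set_profile_mask(conn, tls_only_mask, NULL);
    return axl_true;   /* keep accepting the connection */
}

void install_tls_only_policy(VortexCtx *ctx)
{
    vortex_listener_set_on_connection_accepted(ctx, on_accepted, NULL);
}
#endif
```

Without `WITH_VORTEX` only the policy helper is compiled, which allows the decision to be unit-tested without the library.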
