nimforum mirror - sendfile over ssl

bung (orginal) [2021-05-09T21:57:58+02:00] view original

os sendfile provide zero copy send file directly to socket, the openssl lib provide SSL_sendfile interface , I dont know how SSL_sendfile works internally, for others ssl lib how to do sendfile efficiently？for example chronos's dependency bearssl

shirleyquirk (orginal) [2021-05-10T03:33:01+02:00] view original

the way it works, broadly, is: you do the handshake with whichever ssl lib, then pass the encryption key to the kernel, which allows you to use the standard sendfile call.

This is a platform-specific thing, here is the linux documentation. I don't know where the equivalent docs for bsd are but you can look at the openssl source for both of them here fwiw

how to get the encryption keys after a handshake depends on the ssl lib, of course. for gnutls, it's gnutls_record_get_state, for mbedtls you can set a callback to receive the keys, and for bearssl you have to go digging in the context for the iv,key, and sequence numbers

bung (orginal) [2021-05-10T14:47:00+02:00] view original

Thanks for share this, really helpful! I read through these information, it seems I only need do handshake and send file through os sendfile , I notice TCP_ULP that setsockopt so it needs runs on Linux 4.13/4.14 upper , what's the cross platform solution? currently I do handshake without problem.

shirleyquirk (orginal) [2021-05-10T15:03:46+02:00] view original

the cross-platform solution is to fallback to the userspace method when ktls isn't enabled/supported.

bung (orginal) [2021-05-10T15:18:37+02:00] view original

ah, thanks!

Mirror of forum.nim-lang.org

7956 :: sendfile over ssl