Only minimal changes were required to the Bnet socket API. The BSOCK structure was expanded to include an associated TLS_CONNECTION structure, as well as a flag that records the current blocking state of the socket. The blocking state flag is required for Win32, where it does not appear possible to discern the current blocking state of a socket.
bnet_tls_server() and bnet_tls_client() were both implemented using the new TLS API as follows:
int bnet_tls_client(TLS_CONTEXT *ctx, BSOCK * bsock);
Negotiates a TLS session via bsock using the settings from ctx. Returns 1 if successful, 0 otherwise.
int bnet_tls_server(TLS_CONTEXT *ctx, BSOCK * bsock, alist *verify_list);
Accepts a TLS client session via bsock using the settings from ctx. If verify_list is non-NULL, it is passed to tls_postconnect_verify_cn() for client certificate verification.
Three functions were added for manipulating the blocking state of a socket on both Win32 and Unix-like systems. The Win32 code was written according to the MSDN documentation, but has not been tested.
These functions are prototyped as follows:
int bnet_set_nonblocking (BSOCK *bsock);
Enables non-blocking I/O on the socket associated with bsock. Returns a copy of the socket flags prior to modification.
int bnet_set_blocking (BSOCK *bsock);
Enables blocking I/O on the socket associated with bsock. Returns a copy of the socket flags prior to modification.
void bnet_restore_blocking (BSOCK *bsock, int flags);
Restores the blocking or non-blocking I/O setting on the socket associated with bsock. The flags argument must be the return value of either bnet_set_blocking() or bnet_set_nonblocking().
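The save-and-restore contract described above, sketched for Unix-like systems with fcntl(). This is an added example, not Bacula source code: struct demo_sock and the demo_* functions are hypothetical stand-ins for BSOCK and the bnet_* calls, and the -1 error return is an assumption of this sketch.

```c
/* Added illustration, not Bacula source; all demo_* names are hypothetical. */
#include <fcntl.h>
#include <sys/socket.h>
#include <unistd.h>

/* Stand-in for BSOCK: descriptor plus the cached blocking-state flag. */
struct demo_sock { int fd; int blocking; /* 1 = blocking, 0 = non-blocking */ };

/* Enable non-blocking I/O; return the prior flags, or -1 on error. */
int demo_set_nonblocking(struct demo_sock *s)
{
    int oflags = fcntl(s->fd, F_GETFL, 0);
    if (oflags < 0 || fcntl(s->fd, F_SETFL, oflags | O_NONBLOCK) < 0)
        return -1;
    s->blocking = 0;
    return oflags;
}

/* Enable blocking I/O; return the prior flags, or -1 on error. */
int demo_set_blocking(struct demo_sock *s)
{
    int oflags = fcntl(s->fd, F_GETFL, 0);
    if (oflags < 0 || fcntl(s->fd, F_SETFL, oflags & ~O_NONBLOCK) < 0)
        return -1;
    s->blocking = 1;
    return oflags;
}

/* Put back flags saved by a set call and resynchronise the cached state. */
void demo_restore_blocking(struct demo_sock *s, int flags)
{
    if (flags >= 0 && fcntl(s->fd, F_SETFL, flags) == 0)
        s->blocking = (flags & O_NONBLOCK) ? 0 : 1;
}

/* Constructed check on a socketpair: toggle, restore, verify. 1 = success. */
int demo_roundtrip(void)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return 0;
    struct demo_sock s = { sv[0], 1 };
    int saved = demo_set_nonblocking(&s);
    int toggled = (fcntl(s.fd, F_GETFL, 0) & O_NONBLOCK) != 0 && s.blocking == 0;
    demo_restore_blocking(&s, saved);
    int restored = (fcntl(s.fd, F_GETFL, 0) & O_NONBLOCK) == 0 && s.blocking == 1;
    close(sv[0]); close(sv[1]);
    return saved >= 0 && toggled && restored;
}
int main(void) { return demo_roundtrip() ? 0 : 1; }
```

On Win32 the socket mode cannot be read back in this way, so the cached flag is the only record of the state and must be updated on every change.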
Kern Sibbald 2010-08-30