I have a streaming API in Haskell (not unlike OpenSSL's BIOs) that I'd like to inject an SSL/TLS "proxy" into. To be more specific, let's say I have a model of a network
Server| <---> |Logger>| <---> |<Logger| <---> |Client
(where I'm writing Logger> to mean a "downstream" logger) and I'd like to write an FFI to call into OpenSSL to inject TLS into the center here
Server| <---> |Logger>| <---> |TLS>| <---> |<TLS| <---> |<Logger| <---> |Client
so that communication between TLS> and <TLS is encrypted. What is the simplest interface with OpenSSL that'll let me build <TLS? After that, what is the simplest interface to build TLS>?
Put another way, my project is different from most tutorials I've read because I want to be able to both BIO_gets and BIO_puts an SSL structure. This is similar to if I was managing my own transport for the SSL client connection, but the "transport" is carried out by lifting the C pointers up into Haskell.
(I'm sure that I'm simply totally missing something fundamental about the SSL+BIO interaction.)
From http://www.openssl.org/docs/crypto/BIO_s_bio.html I see an application like what I'm shooting for:
BIO *internal_bio, *network_bio;...BIO_new_bio_pair(internal_bio, 0, network_bio, 0);SSL_set_bio(ssl, internal_bio, internal_bio);SSL_operations();
which seems roughly correct. I'd be able to both puts and gets on network_bio.
