Shared SSL session support

SSL support enables z/TPF applications to use SSL. The OpenSSL open source package that was ported ties an SSL session to a specific process. For the z/TPF system, this means a given SSL session is owned by a specific ECB and all information about that SSL session resides in heap storage associated with that ECB. This ECB is the only one that can issue any SSL APIs for that SSL session. If the ECB exits for any reason, the SSL session ends.

In a distributed application environment that includes the z/TPF system, multiple ECBs have the ability to share a Transmission Control Protocol/Internet Protocol (TCP/IP) socket. Shared SSL session support extends this capability to allow multiple ECBs to share an SSL session or to have the ability to pass an SSL session from one ECB to another ECB. When the application creates an SSL session, the session can be defined as shared or not shared. For SSL sessions defined as not shared, there are no changes and the session is still tied to a single ECB. SSL daemon processes manage SSL sessions that are created as shared. Any application (ECB) can issue an SSL API for a shared SSL session. Shared SSL sessions are not tied to an application ECB, which means that the SSL session can remain even if there are no active application ECBs.

TCP/IP support created a unique socket API called activate_on_receipt (AOR) that allows the calling ECB to exit, a new ECB to be created, and the specified application to be activated when data arrives on the socket. No ECBs are tied up while waiting for data to arrive. Shared SSL session support provides a similar ability for SSL sessions. A z/TPF-unique SSL API called SSL_aor is created that provides the same functions to SSL sessions that activate_on_receipt provides for sockets.