<html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> </head> <body bgcolor="#FFFFFF" text="#000000"> Consider the following code: (define cert-chain "/opt/dozor/smap/config/httpd/server.crt") (define cert-root "/opt/dozor/smap/config/httpd/server.crt") (define cert-sca "/opt/dozor/smap/config/httpd/server.crt") (define key "/opt/dozor/smap/config/httpd/server.key") (let-values (((in-raw out-raw) (tcp-connect "localhost" 8052))) (let-values (((in out) (let ((ctx (ssl-make-client-context))) (ssl-load-certificate-chain! ctx cert-chain) (ssl-load-verify-root-certificates! ctx cert-root) (ssl-load-suggested-certificate-authorities! ctx cert-sca) (ssl-set-verify! ctx #t) (ssl-load-private-key! ctx key) (ports->ssl-ports in-raw out-raw #:mode 'connect #:context ctx #:close-original? #t #:shutdown-on-close? #f)))) (fprintf out "GET <a href="https://localhost:8052/cgi-bin/rc/iface.scm">https://localhost:8052/cgi-bin/rc/iface.scm</a> HTTP/1.0\r\n\r\n") (flush-output out) (read-line in))) Raw ports were wrapped with SSL successfully, but then program has hung up between 2 last actions: sending the request to server and reading its reply. Further investigation showed that in the course of SSL processing the server had requested session renegotiation from the client and would provide it with requested data if the client sent negotiation info to server. After looking inside make-ssl-input-port (see the code below) (letrec ([do-read (lambda (buffer) (let ([out-blocked? (pump-output mzssl)] [len (or must-read-len (min (bytes-length xfer-buffer) (bytes-length buffer)))]) (let ([n (SSL_read (mzssl-ssl mzssl) xfer-buffer len)]) we found that control flow cannot reach SSL_read call it is blocked by pump-output call. Unfortunately, we do not fully understand what is going on inside pump-output... <pre class="moz-signature" cols="72">-- Best regards, Timur</pre> </body> </html>