On Mon, Jun 28, 1999 at 10:12:06AM +0200, Arne Ansper wrote:
>> This depends on how you define "properly written", obviously.
> yes. but in order to make the OpenSSLifying of existing applications
> simpler, it would be nice to follow the semantics of normal socket calls.

This, however, can work only to a certain degree; so in any case you have
to look at everything that the program does and check whether it also
makes sense for the SSL_{read,write} interface: Non-blocking semantics
are quite different, for one thing; so are blocking semantics (select
does not guarantee that the next SSL_read or SSL_write will not
block); and SSL_write, as it is now, will not return when it has
finished writing one of multiple blocks that an SSL_write may need.
Also, you can't change the contents of the write buffer if SSL_write
returned -1, which works for standard write.

> then you can start using OpenSSL just by inserting some initialization
> code at the beginning of the program and by replacing all calls to
> read/write to SSL_read/SSL_write. but if you must rewrite the internal
> logic of the application (buffer management, etc) in order to do so, then
> the conversion to secure sockets is quite time consuming.

It's never as easy as replacing read/write by SSL_read/SSL_write,
except if an application uses blocking sockets and does not try to
determine in advance whether the next call would block or not. In
other cases, chances are the resulting application will use select()
inappropriately etc. And if you strictly use blocking read/writes,
then buffer management is easy anyway.

However, I already noted that an option to switch off that SSL_write
check may make sense -- for a properly organized application it should
usually not really be necessary (because you'd copy buffers filled
with lots of already-written data), but if an application program
desperately wants to do that, then so be it.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List
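
The point made in the message above, that readiness for writing does not tell you whether the next SSL_write can proceed, shown as an added example that is not part of the original thread. It uses Python's `ssl` module, which wraps OpenSSL, so `SSLObject.write` stands in for `SSL_write`; the in-memory BIOs, the host name and the payload are constructed for the illustration.

```python
import ssl


def try_write(tls, data):
    """Make one SSL_write attempt and report what to wait for before retrying."""
    try:
        return ("written", tls.write(data))
    except ssl.SSLWantReadError:
        # OpenSSL needs data from the peer first (here: the server's
        # handshake messages), so waiting for writability would be wrong.
        return ("wait_readable", 0)
    except ssl.SSLWantWriteError:
        return ("wait_writable", 0)


def demo():
    ctx = ssl.create_default_context()
    # Memory BIOs replace the socket: the outgoing side can always accept
    # data, which is the situation select() would report as "writable".
    from_peer, to_peer = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(from_peer, to_peer, server_hostname="example.invalid")

    payload = b"constructed application data\n"

    # First attempt: the write starts the handshake, emits a ClientHello
    # and then cannot continue until the peer answers.
    first = try_write(tls, payload)
    flight = to_peer.read()

    # Retry with the same, unchanged buffer. Nothing has arrived from the
    # peer, so the call still cannot make progress and sends nothing new.
    second = try_write(tls, payload)
    extra = to_peer.read()
    return first, flight, second, extra


if __name__ == "__main__":
    first, flight, second, extra = demo()
    print(first, len(flight), second, len(extra))
```

A read()/write() loop ported by renaming the calls would wait for writability here and spin or stall, which is the inappropriate use of select() the message warns about.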