On Tue, Apr 04, 2000 at 05:50:12PM +1000, Douglas Lee wrote:
> Hi there,
>
> I have 2 questions:
....
> 2) The SSL_read/SSL_write API doesn't seem to support non-blocking IO.
> Is it sufficient to set the underlying file descriptor for non-blocking
> IO and just use SSL_set_fd to enable this? And if I change the properties
> of the underlying file desc. can I just issue another SSL_set_fd to
> update the SSL socket?

That is an interesting question. Here is how I do things at
ZMailer. It *should* be running in non-blocking mode, but
I have seen repeatable cases where OpenSSL 0.9.5a will apparently
deadlock on reading data.

ZMailer's SMTP transport agent (SMTP client) implements SSL
mode socket this way:

  - create socket, and connect() it to somewhere, possibly
    do a lot with it without SSL wrapper on
  - set the sock into BLOCKING mode
  - SSL_new() -> gives SSL context.
  - SSL_set_fd(sslctx, sock)
  - Do SSL_connect(sslctx) WHILE IN BLOCKING MODE
  - SSL_set_read_ahead(sslctx, 1)
  - set the sock into NON-BLOCKING mode

All processing happens with the socket in NON-BLOCKING mode.

    if (SS->sslmode) {
      r = SSL_write(SS->ssl, p, len);
      e = errno; /* FIXME: Some SSL function ??? */
      if (r < 0) {
        e = SSL_get_error(SS->ssl, r);
        if (e == SSL_ERROR_WANT_WRITE) {
          /* Right, so we want to wait a bit, and retry.. */
          e = EAGAIN;
        } else {
          /* XXX: Err... What ??? */
          e = ETIMEDOUT; /* not precisely.. */
          gotalarm = 1;  /* Well, sort of.. */
          break;
        }
      }
    } else
      ...

    if (SS->sslmode) {
      r = SSL_read(SS->ssl, buf, spc);
      e = SSL_get_error(SS->ssl, r);
      if (e == SSL_ERROR_WANT_READ) {
        e = EAGAIN;
      } else
        e = EINTR;
    } else
      ...

> Many thanks for any help.
> --Douglas Lee
/Matti Aarnio <[EMAIL PROTECTED]>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
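
Added example, not part of the original message and not ZMailer or OpenSSL code: a retry loop for non-blocking TLS I/O that waits on whichever direction SSL_get_error() reports, because either SSL_read() or SSL_write() can return SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The names tls_retry, tls_op, fake_write and demo_write_wants_read are assumptions, and the TLS call is replaced by a constructed stand-in so the block builds without OpenSSL.

```c
#include <errno.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>

#define SSL_ERROR_WANT_READ   2   /* values as defined in <openssl/ssl.h>, */
#define SSL_ERROR_WANT_WRITE  3   /* repeated so this builds without it    */
#define SSL_ERROR_ZERO_RETURN 6

/* Assumed callback: one SSL_read()/SSL_write(); stores SSL_get_error() in *err. */
typedef int (*tls_op)(void *ctx, void *buf, int len, int *err);

/* Retry one TLS operation on a non-blocking fd.
 * Returns bytes moved, 0 on TLS close, -1 with errno set. */
int tls_retry(int fd, tls_op op, void *ctx, void *buf, int len, int timeout_ms)
{
    for (;;) {
        int err = 0, r = op(ctx, buf, len, &err);  /* same buf/len on every retry */
        struct pollfd p = { fd, 0, 0 };
        if (r > 0) return r;
        switch (err) {
        case SSL_ERROR_WANT_READ:   p.events = POLLIN;  break; /* also from a write */
        case SSL_ERROR_WANT_WRITE:  p.events = POLLOUT; break; /* also from a read  */
        case SSL_ERROR_ZERO_RETURN: return 0;
        default:                    errno = EIO; return -1;
        }
        r = poll(&p, 1, timeout_ms);
        if (r == 0) { errno = ETIMEDOUT; return -1; }
        if (r < 0 && errno != EINTR) return -1;
    }
}

/* Constructed stand-in for SSL_write(): wants a read *ctx times, then succeeds. */
static int fake_write(void *ctx, void *buf, int len, int *err)
{
    int *left = ctx;
    (void)buf;
    if (*left > 0) { (*left)--; *err = SSL_ERROR_WANT_READ; return -1; }
    return len;
}

/* A write that has to wait for readable data once before it completes. */
int demo_write_wants_read(void)
{
    int sv[2], left = 1, r;
    char msg[] = "DATA";
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) || write(sv[1], "x", 1) != 1) return -1;
    r = tls_retry(sv[0], fake_write, &left, msg, 4, 1000);
    close(sv[0]); close(sv[1]);
    return r;
}
```

With OpenSSL linked in, the callback would wrap SSL_write() or SSL_read() and pass the return value to SSL_get_error() on the same SSL object.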