Dan Kegel wrote:
>
> Ben Laurie wrote:
> >
> > Dan Kegel wrote:
> > >
> > > I'm adding SSL support to my app, and am finding it
> > > tedious, partly because of having to figure out how
> > > OpenSSL supports nonblocking sockets.
> > >
> > > demo/state_machine/state_machine.c is better than nothing,
> > > but it waves its hands a fair bit,
> >
> > Which bits are hand-wavy?
>
> Mostly the bits that are commented as such, e.g. there are
> several FIXME's.
Right - IIRC of a trivial nature. It would be good to fix them, though.
> Also, there may be a few hidden hand-wavy
> parts; using this code in a regression test might flush them out
> of hiding.
Testing is, of course, good. Asserting that there may be "hidden
hand-wavy parts" is kinda weird.
> > > and doesn't actually
> > > use nonblocking sockets.
> >
> > It doesn't need to! It uses select instead.
>
> To avoid blocking, you *must* use nonblocking I/O even if you use select();
> there's no rule saying read() and write() won't block if select()
> says they won't;
Yes there is!
> select() can occasionally be wrong, or there might
> not be as many bytes available or writable as you expect. In this program,
> the call
> read(0, buf, sizeof buf)
> may well block in normal operation -- what if 1024 bytes aren't
> available?
Then you get what is available. OTOH, you may be right about write....
In any case, making them non-blocking (which would also require fixing
at least some of the FIXMEs) would be good.
> > > If I get up the energy, I might fix up state_machine.c
> > > to be a little less hand-wavy, and / or write a program
> > > that does a regression test on nonblocking I/O support.
> > > (Heh, maybe I'll throw in a test case that demonstrates
> > > the bug in SSL_peek that nobody seems to care about :-)
> >
> > Which bug is that?
>
> The one I reported on October 7th:
> http://www.mail-archive.com/[email protected]/msg06753.html
> - Dan
>
> p.s. Richard Stevens' book "Unix Network Programming", Vol 1, 2nd ed,
> is a great reference for anyone new to nonblocking I/O. It's so
> good I have to plug it for the benefit of newbies, even if 90%
> of the people on this list have already read it.
Stevens was, indeed, God.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit."
Robert Woodruff
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
