On Mon, Nov 13, 2000 at 07:16:39PM -0800, Dan Kegel wrote:

> Nonblocking network I/O is tricky with the current API, but doable.  
> I've got working code for that, and there are good examples now.
> Nonblocking crypto is another matter; it would be a real pain, and 
> there are no examples showing how it might be done.

Non-blocking crypto can't be done right now, but there could be a new
SSL_get_error return value saying "call the previous function again".
(There could be one mode where cryptographic operations are always
completed in one go, one mode where they may be split, and even modes
where public key cryptography or all crypto is avoided completely
until switched on again.)  The current BIO API means that applications
don't have to handle handshakes (including renegotiation) explicitly,
which is why I don't believe that non-blocking I/O is trickier
now than it would be with different APIs.

It should be possible to implement something close to what you
describe at <URL http://www.kegel.com/ssl/api.html> on top of the
current SSL API with new SSL_get_error return values added, using
either a BIO pair or memory BIOs.

(BTW, there's a bug in your example code -- 'len' should be 'nbytes'
in 'openssl_buildFrame(openssl, buf, len)'.)


-- 
Bodo Möller <[EMAIL PROTECTED]>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
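
Added example, not part of the original message and not OpenSSL project code: the "do the I/O, then call the same function again" contract that the message proposes extending to crypto, as it already works for I/O when the TLS engine is driven through memory BIOs. It uses Python's ssl module, which wraps OpenSSL memory BIOs; step(), run_demo(), the host name peer.example and the three-byte partial record are constructed for the illustration.

```python
import ssl

def step(op, outgoing):
    """Call one SSL operation once and report what the engine needs next.

    Returns (status, to_send). "want_read"/"want_write" mean: do the I/O,
    then call the same operation again. to_send is ciphertext for the wire.
    """
    try:
        op()
        status = "done"
    except ssl.SSLWantReadError:      # SSL_get_error() == SSL_ERROR_WANT_READ
        status = "want_read"
    except ssl.SSLWantWriteError:     # SSL_get_error() == SSL_ERROR_WANT_WRITE
        status = "want_write"
    return status, outgoing.read()    # drain whatever the engine produced

def run_demo():
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()  # no socket involved
    # peer.example is a constructed name; nothing is resolved or contacted.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="peer.example")

    trace = []
    # 1. First call: the engine queues a ClientHello, then needs the peer's reply.
    status, hello = step(tls.do_handshake, outgoing)
    trace.append((status, len(hello) > 0))
    # 2. Same call repeated with no new input: same answer, nothing new to send.
    status, out = step(tls.do_handshake, outgoing)
    trace.append((status, len(out) > 0))
    # 3. Constructed input: only 3 of the 5 record-header bytes have arrived.
    #    The engine keeps them and asks for more instead of failing.
    incoming.write(b"\x16\x03\x03")
    status, out = step(tls.do_handshake, outgoing)
    trace.append((status, len(out) > 0))
    return hello, trace

if __name__ == "__main__":
    hello, trace = run_demo()
    print(trace, len(hello))
```

The caller owns all transport I/O here; the engine only ever reports which direction it is waiting on, which is the hook a "call again" value for split crypto operations would reuse.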
