I read Eric Rescorla's
An Introduction to OpenSSL Programming (Part II)
and learned about the i/o discipline you have to implement if you are
using OpenSSL with non-blocking i/o. The paper talks about which file
descriptors you have to include in your select() calls.
Check out section "6 Multiplexed I/O".
At this moment I'm having a look at s_client.c and I'm wondering if it
implements this technique correctly. Take a look at the code around line
1471:
    case SSL_ERROR_WANT_WRITE:
        BIO_printf(bio_c_out,"read W BLOCK\n");
        write_ssl=1;
        read_tty=0;
        break;
I think that read_ssl must be set to 0 as well because otherwise you
stay in a busy wait loop around select() until the socket becomes
writable again.
This situation rarely occurs, but I managed to reproduce this error. It
occurs when the send buffer fills up during re-handshake, which is
unlikely to happen. But a malicious peer is able to trigger this situation.
Also, the OpenSSL manual pages require the following behavior:
"When an SSL_write() operation has to be repeated because of
SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, it must be repeated with
the same arguments."
I have the feeling that s_client does not adhere to this rule.
Does anybody know a good example that implements the correct i/o
discipline? Maybe some popular project that uses OpenSSL.
-Daniel
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
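
An added example, not part of the original message and not code from OpenSSL or s_client.c: a small bookkeeping layer that decides which descriptors go into select() after a blocked SSL call, so that a read blocked on writability waits only for writability and a blocked write keeps its arguments for the retry. The names io_state, io_note, io_interest and io_retry are hypothetical, and the enum values stand in for the SSL_get_error() results SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE.

```c
#include <stddef.h>

/* Hypothetical stand-ins for the SSL_get_error() results discussed above. */
enum io_result { IO_DONE, IO_WANT_READ, IO_WANT_WRITE };
enum pending_op { OP_NONE, OP_READ, OP_WRITE };

struct io_state {
    enum pending_op op;      /* SSL call that has to be repeated */
    enum io_result blocked;  /* socket event that call is waiting for */
    const void *wbuf;        /* arguments of a blocked write, kept for the retry */
    size_t wlen;
};

struct interest { int sock_read, sock_write, tty_read; };

/* Record the outcome of one SSL_read()/SSL_write() attempt. */
void io_note(struct io_state *s, enum pending_op op, enum io_result r,
             const void *buf, size_t len)
{
    if (r == IO_DONE) {
        *s = (struct io_state){ OP_NONE, IO_DONE, NULL, 0 };
        return;
    }
    s->op = op;
    s->blocked = r;
    if (op == OP_WRITE) { s->wbuf = buf; s->wlen = len; }
}

/* Decide which descriptors belong in the next select() call. */
struct interest io_interest(const struct io_state *s)
{
    struct interest i = { 0, 0, 0 };
    if (s->op == OP_NONE) {          /* idle: wait for peer data or user input */
        i.sock_read = 1; i.tty_read = 1;
        return i;
    }
    /* A call is blocked: wait only for the event it asked for. Selecting on
       readability while blocked on writability would spin around select(). */
    i.sock_read  = (s->blocked == IO_WANT_READ);
    i.sock_write = (s->blocked == IO_WANT_WRITE);
    /* No new tty input while a write is pending (its buffer must not change)
       or while a read is blocked on writability, as in the quoted case. */
    i.tty_read = (s->op == OP_READ && s->blocked == IO_WANT_READ);
    return i;
}

/* After select(): the SSL call to repeat, or OP_NONE if its event did not fire. */
enum pending_op io_retry(const struct io_state *s, int readable, int writable)
{
    int fired = (s->blocked == IO_WANT_READ) ? readable : writable;
    return (s->op != OP_NONE && fired) ? s->op : OP_NONE;
}
```

In a real event loop, a return of OP_WRITE from io_retry() means calling SSL_write() again with exactly the saved wbuf and wlen.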