I'm sorry, I will switch DLs... I'm new to this forum!

Thanks for the information!
________________________________________
From: owner-openssl-...@openssl.org [owner-openssl-...@openssl.org] on behalf 
of Krzysztof Kwiatkowski [krzys...@leeds.pl]
Sent: Thursday, June 05, 2014 1:09 PM
To: openssl-dev@openssl.org
Subject: RE: Conflicting information regarding non-blocking sockets

First of all, I think you should ask this question on
openssl-us...@openssl.org.

In my opinion you can mix SSL_write() and SSL_read() operations when
they return WANTS_X.
The documentation of SSL_read() says "The calling process then
must repeat the call after taking appropriate action to satisfy the
needs of SSL_read(). The action depends on the underlying BIO.". So you
must repeat (in order for handshake to finish), but it doesn't mean that
you cannot do something else (like calling SSL_read/write()) in
between.

At least this is what I do in my code also, and I have never seen any
problems.


On 2014-06-05 18:48, Barbe, Charles wrote:
> Just a bit of clarification on my question... I am fully aware that
> if the OpenSSL library tells me it NEEDS_READ or NEEDS_WRITE in
> response to an SSL_read I should then issue that same SSL_read command
> again with the same parameters when the associated resource is ready
> for whichever operation OpenSSL requested before issuing another
> SSL_read and likewise with SSL_write (unless options are set to allow
> partial writes and/or moving buffers). My question is specifically
> about whether a NEED_X response from SSL_read means that I cannot call
> SSL_write until SSL_read succeeds and likewise with SSL_write.
> ________________________________________
> From: owner-openssl-...@openssl.org [owner-openssl-...@openssl.org]
> on behalf of Barbe, Charles [charles.ba...@allworx.com]
> Sent: Thursday, June 05, 2014 12:03 PM
> To: openssl-dev@openssl.org
> Subject: Conflicting information regarding non-blocking sockets
>
> Hello,
>
> I have implemented an SSL server on the ecos platform and it seems to
> be working well; however, I am a tiny bit unclear about the requirements
> around whether or not calls to SSL_read and SSL_write need to be
> synchronized and I want to avoid doing something incorrect. The
> specific question I have is this:
>
> If I call SSL_read() and OpenSSL tells me that it NEEDS_WRITE or
> NEEDS_READ, do I need to then hold off calls to SSL_write until I have
> called SSL_read again and it succeeds? And then the same question but
> with SSL_write.
>
> I am asking because I have seen conflicting information. Here is
> where I'm getting the conflicting information:
>
> From the "calls must be synchronized" camp:
>
> In chapter 5, pages 159-166 of "Network Security with OpenSSL" by
> John Viega, Matt Messier & Pravir Chandra, 2002 they state very
> clearly that "once we've made a call to an SSL I/O function, and it
> requires a retry, we should not call other I/O functions until the
> original call has succeeded." It even gives a code example that
> achieves this synchronization.
>
> From the "calls to SSL_read and SSL_write can be treated
> independently" camp:
>
> In this thread from the openssl-dev mailing list:
>
> http://marc.info/?l=openssl-dev&m=124308191325560&w=2
>
> A gentleman named David Schwartz states, "I'm not sure where you see
> that, but that is obviously bogus. Suppose we have a protocol that
> permits either side to read or write at any time. We call SSL_read in
> case the other side sent something, it returns WANT_READ, because the
> other side didn't send anything. Are you seriously arguing that we now
> can't send anything until the other side does? Isn't that obviously an
> impossible requirement?"
>
> In response to this statement by somebody else "Because the
> documentation appears in several places to state that when I receive
> WANT_X from _any_ OpenSSL API operation in non-blocking mode, the next
> API operation I issue on that SSL * must be the exact same API
> operation, with the same parameters."
>
> Can somebody please tell me which of these two sources is correct or
> if I am mis-reading them?
>
> Thanks!
>
> CHAD
>
>
>
> ______________________________________________________________________
> OpenSSL Project
> http://www.openssl.org
> Development Mailing List
> openssl-dev@openssl.org
> Automated List Manager
> majord...@openssl.org
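
The two readings debated in this thread, modelled as event-loop bookkeeping. This is an added example, not code from any poster or from OpenSSL; it makes no OpenSSL calls, and `struct conn`, `enum want` and the function names are hypothetical stand-ins for what an application would record after SSL_get_error().

```c
#include <poll.h>

/* Stand-ins for what SSL_get_error() reported for a pending call (constructed). */
enum want { WANT_NONE = 0, WANT_READ, WANT_WRITE };
enum { RETRY_READ = 1, RETRY_WRITE = 2 };

/* Hypothetical per-connection bookkeeping: one slot per I/O function. */
struct conn {
    enum want read_want;   /* the pending SSL_read is waiting for this */
    enum want write_want;  /* the pending SSL_write is waiting for this */
};

static short want_to_event(enum want w)
{
    return w == WANT_READ ? POLLIN : w == WANT_WRITE ? POLLOUT : 0;
}

/* Socket events to poll for: the union of what both pending calls need. */
short poll_events(const struct conn *c)
{
    return want_to_event(c->read_want) | want_to_event(c->write_want);
}

/* Which calls to re-issue (with the same arguments) once poll() reports revents.
 * An SSL_read that wanted a write is retried on POLLOUT, and vice versa. */
int calls_to_retry(const struct conn *c, short revents)
{
    int ops = 0;
    if (revents & want_to_event(c->read_want))  ops |= RETRY_READ;
    if (revents & want_to_event(c->write_want)) ops |= RETRY_WRITE;
    return ops;
}

/* May the application start a new SSL_write now?
 * strict = 1: the book's rule, no other I/O call until the pending one succeeds.
 * strict = 0: the independent reading, only a pending SSL_write blocks a new one. */
int may_start_write(const struct conn *c, int strict)
{
    if (c->write_want != WANT_NONE) return 0;
    return strict ? c->read_want == WANT_NONE : 1;
}
```

With an idle peer (`read_want == WANT_READ`, nothing pending on the write side), the strict policy refuses a new write until the peer sends something, which is the situation David Schwartz's quoted objection describes.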