I use this:
SSL *ss;
int rc, connected;
while ( !connected ) {
rc = SSL_connect(ss); /* returns '1' on success */
connected = ((rc == 1) && SSL_is_init_finished(ss));
if (rc <= 0) {
/* check error code here, break if bad */
}
}
The underlying socket is non-blocking. If rc <= 0 && SSL_get_error()
returns SSL_WANT_READ, I select on the socket until some more data is
available.
IIRC, I originally had this as using SSL_is_init_finished() as the while
termination condition but that didn't always work. I don't exactly
remember what led me to the above.
HTH,
Steve
On Wed, 11 Oct 2000, Louis LeBlanc wrote:
> Ok, it looks like I was mistaken here. The SSL_state() does in fact
> return the SSL connection status flag, but it is only set to
> SSL_ST_CONNECT|SSL_ST_BEFORE in some cases, and only when the
> SSL_connect fails because the handshake didn't complete. There are
> nearly half a dozen states that could be set in this case.
>
> My question now is this: Is there a specific state, or (small) set of
> states, that I can check for on any SSL connection (for all versions)
> and verify that the connection is established, and ready for some kind
> of I/O?
>
> I found that setting the socket back to blocking is a problem. If there
> is any kind of glitch in the handshake (brought on by network
> congestion, etc) or the server has problems completing the handshake,
> maybe because it gets killed without prejudice, the app will sit in
> SSL_connect() indefinitely, without timing out.
>
> I still want to check the socket directly to get the status rather than
> managing my own for each connection, but it may come to that.
>
> Any comments/ideas, etc will be appreciated.
> Lou
>
> Louis LeBlanc wrote:
> >
> > Hello again, everyone.
> >
> > I have solved some of the problems I have been having with setting
> > verification mode and depth, I think. (Thank you Lutz!)
> >
> > I have also approached the problem of ensuring the connection is
> > successful on a nonblocking socket. What I was trying to do is use
> > SSL_state() to see if the connection has been made. If I interpreted
> > the SSL_connect()code correctly, it sets the state to
> > SSL_ST_CONNECT|SSL_ST_BEFORE
> >
> > If I check the state with SSL_state() it should tell me if the SSL
> > connection has been established, right?
> >
> > My initial solution was to set the connection back to blocking mode just
> > before the SSL_connect, and I am told it may be okay with the rest of
> > the app if it stays this way. Does any know of any caveats with this
> > scenario?
> >
> > Thanks
> >
> > Lou
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
