What a lively discussion! One point that I thought was implicit in my comment when I started was that the timeout approach using some sort of alarm around a call to say SSL_accept, is that you cannot use the TCP timeouts, because SSL_accept wraps a whole serious of TCP transactions. My assertion is that given a situation where TCP transactions as taking place, it is difficult to come up with a reasonable timeout number. Furthermore, if you are using non blocking I/O you are doing it because you get better scalability/performance in an application that is managing a significant number of connections.
Using non blocking I/O with OpenSSL is no more or less tricky than using non blocking I/O for any other application, but the point is well taken that if you are not familiar with socket programming and non blocking sockets/pooling/etc etc etc, then you will have problems layering OpenSSL on top of it! I am currently writing up a little HOWTO with some example code for handling non-blocking sockets, not using BIOs. I will include a very minimal connection manager/thread pooler that will hopefully clear up a lot of confusion. Regards, Tim Regovich --- Eric Rescorla <[EMAIL PROTECTED]> wrote: > David Schwartz <[EMAIL PROTECTED]> writes: > > > On 03 Feb 2003 19:01:53 -0800, Eric Rescorla > wrote: > > >Tim Regovich <[EMAIL PROTECTED]> writes: > > > > >>*always* operate in non blocking mode. The code > may > > >>be slightly more complex but will *always* work > > >>better. > > > > >I don't agree with this. Getting non-blocking > code correct > > >with OpenSSL is quite tricky. If you don't need > non-blocking, > > >there's no reason to do it. > > > > You nearly always need non-blocking, even if it's > just for timeouts. > Depends. If you're just setting some global timeout, > you > can use blocking I/O perfectly well. > > -Ekr > > -- > [Eric Rescorla > [EMAIL PROTECTED]] > http://www.rtfm.com/ > ______________________________________________________________________ > OpenSSL Project > http://www.openssl.org > User Support Mailing List > [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
