Normally, you have something like ...


while(1) {
   select() call

   if (SOCKET is in read mode) {
       do
       {
          SSL_read() call
       }
   }

   if (SOCKET is in write mode) {
       do
       {
          SSL_write() call
       }
   }
}

Once you end the first loop, make sure you close the socket and issue
SSL_free(). You will have to find a nifty way of ending the read/write
operation, though. Yes, you will leave the loop eventually, and it also
depends on the implementation you choose: threaded, using fork, single
threaded, ...




LDB


Edward Chan wrote:

Thanks for your reply.  I read that, and I think I understand what it is
saying.  I'm just trying to get confirmation on my understanding of it.  Put
in a different way,  if I have the following code where I do SSL_read() in a
do-while loop,

int iBytesRead = 0;
do
{
        int ret = SSL_read(ssl, buf, sizeof(buf));
        int err = SSL_get_error(ssl, ret);
        if (err == SSL_ERROR_NONE)
        {
                iBytesRead += ret;
        }
        else if (err == SSL_ERROR_ZERO_RETURN)
        {
                return 0; // ssl connection was closed
        }
        else if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE)
        {
                break; // need more data; break loop and add fd back to poll
                       // and do another SSL_read() when there is more data
                       // available on the socket.
        }
        else
        {
                return 0; // read failed
        }

} while (SSL_pending(ssl)); // ssl buffer has been completely drained


Assuming client is continuously sending me data, will I ever exit this loop? I assume that once the ssl buffer has been emptied, SSL_pending() will return 0 and I break the loop, or the ssl buffer can no longer be processed without more data, in which case I get an SSL_ERROR_WANT_READ/WRITE and break the loop, at which time I will add fd back to poll and wait for more data on the socket (which could be immediate).




-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, March 28, 2005 4:04 PM
To: openssl-users@openssl.org
Subject: Re: SSL_read()


Straight from the man pages ..


SSL_read() works based on the SSL/TLS records. The data are received in records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a
record has been completely received, it can be processed (decryption and check of integrity). Therefore data that was not retrieved at the last call of
SSL_read() can still be buffered inside the SSL layer and will be retrieved on the next call to SSL_read(). If num is higher than the number of bytes
buffered, SSL_read() will return with the bytes buffered. If no more bytes are in the buffer, SSL_read() will trigger the processing of the next
record. Only when the record has been received and processed completely, SSL_read() will return reporting success. At most the contents of the record
will be returned. As the size of an SSL/TLS record may exceed the maximum packet size of the underlying transport (e.g. TCP), it may be necessary to
read several packets from the transport layer before the record is complete and SSL_read() can succeed.


It speaks to what you are inquiring about.



Edward Chan wrote:



I have a question about SSL_read(). Am I correct in my understanding that SSL_read() will not read from the socket as long as there is data in the ssl buffers available for processing? And if there is data in the ssl buffer but it cannot be processed because we don't have a complete record, then I will get an SSL_ERROR_WANT_READ/WRITE, in which case, I need to issue SSL_read() again to read more data from the socket?

Thanks,
Ed



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
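
A small C model of the record buffering that the quoted man page text describes, added here as an illustration; it is not code from the thread or from OpenSSL. The `rec_layer` type and the `rl_*` and `drain` names are hypothetical, the payload is left unencrypted, and only the 5-byte record header layout (type, version, 2-byte length) follows the real protocol.

```c
/* Toy model of the record buffering discussed above: plaintext only, not OpenSSL. */
#include <stddef.h>
#include <string.h>
enum { HDR = 5, MAX_REC = 16384, WANT_READ = -1, BAD_REC = -2 };
typedef struct {
    unsigned char raw[2 * (HDR + MAX_REC)]; /* received, not yet processed */
    size_t raw_len;
    unsigned char plain[MAX_REC];           /* payload of the processed record */
    size_t plain_len, plain_off;
} rec_layer;                                /* must start zero-initialised */

/* The transport delivered n bytes (half a record, two records, ...). */
static int rl_feed(rec_layer *rl, const unsigned char *p, size_t n) {
    if (n > sizeof rl->raw - rl->raw_len) return BAD_REC;
    memcpy(rl->raw + rl->raw_len, p, n);
    rl->raw_len += n;
    return 0;
}
/* Modelled on SSL_pending(): counts only the already-processed record. */
static size_t rl_pending(const rec_layer *rl) { return rl->plain_len - rl->plain_off; }

/* Modelled on SSL_read(): serve buffered payload first, else process the next
 * record if it is complete, else report that more transport data is needed. */
static int rl_read(rec_layer *rl, unsigned char *out, size_t num) {
    while (rl_pending(rl) == 0) {
        if (rl->raw_len < HDR) return WANT_READ;
        size_t len = ((size_t)rl->raw[3] << 8) | rl->raw[4]; /* length field */
        if (len > MAX_REC) return BAD_REC;
        if (rl->raw_len < HDR + len) return WANT_READ;       /* partial record */
        memcpy(rl->plain, rl->raw + HDR, len); /* stands in for decrypt + MAC check */
        rl->plain_len = len;
        rl->plain_off = 0;
        rl->raw_len -= HDR + len;
        memmove(rl->raw, rl->raw + HDR + len, rl->raw_len);
    }
    size_t n = rl_pending(rl) < num ? rl_pending(rl) : num;
    memcpy(out, rl->plain + rl->plain_off, n);
    rl->plain_off += n;
    return (int)n;
}
/* The do-while loop from the thread, run against the model. */
static int drain(rec_layer *rl, unsigned char *out, size_t chunk) {
    int total = 0;
    do {
        int ret = rl_read(rl, out + total, chunk);
        if (ret == WANT_READ) break;  /* back to poll() for more data */
        if (ret < 0) return ret;
        total += ret;
    } while (rl_pending(rl));         /* stop once the record is drained */
    return total;
}
```

In this model, feeding a partial record makes `rl_read` return `WANT_READ`, and feeding two records at once shows `drain` stopping after the first because `rl_pending` is 0, with the second record still buffered and unprocessed.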


