More than likely, the problem stems from my novice understanding as to
how BIOs work, however I have a very puzzling problem. I'm currently
writing a client/server application, client written in C for speed (will
be invoked several times a second), and server is written in Java. I
want the client to have the option of sending the data to the server via
SSL. Doesn't sound too complicated right? Java application creates a
ServerSocket and listens for connections, sets up the I/O for it, and
waits for commands. When the client wants to begin communicating in
SSL, it simply sends "ssl on" to the server.
There seems to be a problem with the client however. I setup the
initial plain-text connection using a BIO like so:
BIO *conn;
conn = BIO_new_connect(server);
BIO_do_connect(conn);
This works perfectly. Then after the connection is established, I go
ahead and issue this:
BIO_write(conn, "ssl on\n", 7);
BIO_flush(conn);
This signals the server to convert it's socket into a SSLSocket. Which
appears to work. However, when I setup the CTX and issue SSL_connect, a
deadlock occurs during the handshake. Both the client, and the server
are sitting there waiting for read from each other (which I see via gdb
and strace). The client never progresses past SSL_connect, and the
server never progresses past SocketFactory.createSocket( ... ). It
should also be noted that all sockets are blocking.
Now here comes the weird part. If I remove the BIO_write/BIO_flush, and
instead just proceed to SSL_connect on the client, while also assuming
SSL and converting the Socket to SSLSocket without waiting for a
command, the handshake succeeds! It would appear that something is going
on with BIO_write/BIO_flush that I don't understand that is affecting
the state of the BIO that SSL_connect doesn't like. I double check to
make sure both in/out on the BIO are flushed and empty so the handshake
doesn't get garbled with stray data. But as soon as I issue any kind of
BIO_write before a SSL_connect, the handshake deadlocks. Simply remove
the BIO_write, and it works flawlessly. I sure hope someone has an idea
what I'm doing wrong here. Thanks!
- Russ
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
