Thanks pj, the code was real helpful.

Just one minor clarification: once a call to SSL_renegotiate is made,
should I check the protocol status by calling SSL_accept (mine is server)
within the while loop you have? I have gone into an "accept_pending"
state and am calling SSL_accept until it returns with a 1. Is this correct?

Thanks
--Gayathri

Hi, I did the same thing yesterday myself, because I wanted to implement a
timeout solution as well as quick shutdown of my COM object via object
notification.  You might be able to hack my work ... this is what I came up
with... It takes a blocking socket, makes it un-blocking... negotiates with
timeout and signalling considerations and then passes back normal error
codes...



// Headers this method relies on (CHTTP and the Log* macros are the poster's own)
#include <winsock2.h>      // SOCKET, ioctlsocket, FIONBIO
#include <mmsystem.h>      // timeGetTime
#include <openssl/ssl.h>   // SSL_connect, SSL_get_error

// SSLConnectWithTimeout, connect to a remote server with timeout
int CHTTP::SSLConnectWithTimeout(DWORD timeout, SOCKET s, SSL *ssl) {
        //-------------------------
        // Set the socket I/O mode: In this case FIONBIO
        // enables or disables the blocking mode for the
        // socket based on the numerical value of iMode.
        // If iMode = 0, blocking is enabled;
        // If iMode != 0, non-blocking mode is enabled.
        int iMode = 1;

        LogInformation2("Running SSL non-blocking connection timeout = %ld", timeout);
        if (timeout) {
                // establish non-blocking mode to enable us to time out.
                ioctlsocket(s, FIONBIO, (u_long FAR*) &iMode);
        }

        // make the connection attempt
        int nRet = SSL_connect(ssl);

        // if we are using a timeout then ...
        if (timeout) {
                // keep the SSL_get_error() code in its own variable:
                // SSL_ERROR_SSL has the value 1, the same as SSL_connect's
                // success return, so storing it in nRet would make a failed
                // handshake look like a successful one
                int nErr = (nRet == 1) ? SSL_ERROR_NONE : SSL_get_error(ssl, nRet);

                LogInformation2("connect run return value %d.", nRet);
                LogInformation1("Starting SSL polling loop");
                // get the start time
                DWORD starttime = timeGetTime();
                while ((nErr == SSL_ERROR_WANT_READ || nErr == SSL_ERROR_WANT_WRITE) && !isStopEventSignaled()) {

                        // Back off to let the connection happen.
                        //Sleep(50);
                        // reiterate the connection
                        nRet = SSL_connect(ssl);
                        nErr = (nRet == 1) ? SSL_ERROR_NONE : SSL_get_error(ssl, nRet);

                        // check for timeout
                        if ((timeGetTime() - starttime >= timeout) || m_signalled) {
                                // return an error
                                nRet = -1;
                                break;
                        }
                }
                LogInformation2("Finished polling loop signalled? %d", m_signalled);
                // if we made it to here with nRet = 1 we are SSL connected
                if (nRet == 1) {
                        LogInformation2("Successful connection made! returning %d.", nRet);
                        // turn off non-blocking mode, back to blocking mode for the rest
                        // of the connection
                        iMode = 0;
                        ioctlsocket(s, FIONBIO, (u_long FAR*) &iMode);
                }
                else {
                        // just log the error, remember logging disappears when compiled
                        // without LOG_BUILD defined.
                        LogInformation2("Timeout occurred returning %d.", nRet);
                }
        }
        // return connection state: 1 on success, otherwise SSL_connect's
        // failure return (<= 0), or -1 on timeout / stop signal.
        return nRet;
}

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, 2 June 2005 2:14 PM
To: openssl-users@openssl.org
Subject: SSL_renegotiation using non block sockets

Hi,

I am using Non Blocking sockets, and would like to
know the behaviour wrt SSL_renegotiation.
Once I make a call to do_handshake, as the FD is non
blocking it will return immediately with a success,
but from the application's point of view how will it come
to know that the renegotiation is through so that it can
call SSL_write/SSL_read? Should the application poll on that
do_handshake flag within the ssl control block?

Any suggestion/help appreciated a lot.

Thanks
--Gayathri
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
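
The connect loop in the reply and the renegotiation question both come down to re-driving a non-blocking handshake call until it stops reporting WANT_READ/WANT_WRITE. The following is an added example, not code from the thread or from OpenSSL: a driver that judges success only on the call's return value, keeps the SSL_get_error()-style code separate, and gives up after a retry budget (standing in for the elapsed-time check). `hs_step`, `drive_handshake`, `struct script` and `fake_step` are hypothetical names, the error constants mirror the values in openssl/ssl.h, and a real step would wrap SSL_do_handshake(), SSL_accept() or SSL_connect().

```c
#include <stddef.h>

/* Values mirror openssl/ssl.h; redefined so the sketch builds without OpenSSL. */
enum { ERR_NONE = 0, ERR_SSL = 1, ERR_WANT_READ = 2, ERR_WANT_WRITE = 3 };
enum hs_result { HS_DONE, HS_FAILED, HS_TIMEOUT, HS_CANCELLED };

/* One handshake attempt: returns the call's result (1 = finished) and stores
 * the SSL_get_error()-style code in *err. Hypothetical interface; a real step
 * would call SSL_do_handshake() and then SSL_get_error() on a non-1 result. */
typedef int (*hs_step)(void *ctx, int *err);

/* Re-drive the handshake until it completes, fails hard, the retry budget
 * runs out, or *cancel becomes non-zero. Success is decided by the call's
 * return value alone, never by the error code (ERR_SSL is also 1). */
enum hs_result drive_handshake(hs_step step, void *ctx, int max_tries,
                               const volatile int *cancel)
{
    for (int i = 0; i < max_tries; i++) {
        if (cancel && *cancel)
            return HS_CANCELLED;
        int err = ERR_NONE;
        int ret = step(ctx, &err);
        if (ret == 1)
            return HS_DONE;
        if (err != ERR_WANT_READ && err != ERR_WANT_WRITE)
            return HS_FAILED;           /* hard failure, includes ERR_SSL == 1 */
        /* Real code would select() on the socket here, for readability or
         * writability as err indicates, with the remaining timeout. */
    }
    return HS_TIMEOUT;
}

/* Constructed stand-in for an SSL object: replays a script of
 * (ret, err) pairs and repeats the last entry once the script runs out. */
struct script { const int (*steps)[2]; size_t len, pos; };

int fake_step(void *ctx, int *err)
{
    struct script *s = ctx;
    size_t i = s->pos < s->len ? s->pos++ : s->len - 1;
    *err = s->steps[i][1];
    return s->steps[i][0];
}
```
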
