David
can't understand
"Incorrect. The 'SSL_write' function is the function to send
unencrypted data over the SSL link. It has nothing to do with the
encrypted data the SSL engine wants to write to the socket."
When we do SSL_write the i/p is unencrypted data and this gets sent
over the SSL link. I do agree the API as such is not encrypting the
data but it in turn calls the engine API to do the same and thus in a
way it is doing encryption.
Please let me know what I am missing?
thanks
-Krishna
On 8/21/06, David Schwartz <[EMAIL PROTECTED]> wrote:
> If you get SSL_ERROR_WANT_WRITE, even if you have no application data
> to send, the protocol itself requires data to be written
Correct.
> -- so you
> need to call SSL_write().
Incorrect. The 'SSL_write' function is the function to send unencrypted
data over the SSL link. It has nothing to do with the encrypted data the SSL
engine wants to write to the socket.
> If you get SSL_ERROR_WANT_READ, even if
> you're writing application data, that means that the protocol itself
> is requiring data to be read from the peer, so you need to call
> SSL_read().
No. If the protocol itself needs to read data from the peer in order to
write data, it will do so when you call SSL_write. The job of SSL_write is to
do whatever is needed to encrypt and send the data you are writing, whether
that means reading from the socket, writing to the socket, or both.
> Both situations can happen in either case. If you have no data to
> write, call it with a NULL buffer and a length of 0.
No. Do not ever do that. If you have no data to write, do not call
SSL_write.
This is based on the most grievous misunderstanding of what the SSL_read
and SSL_write functions do. They do *NOT* read from and write to the socket.
They read from and write to the logical SSL connection. That may require
reading from the socket, writing to the socket, or both in any combination, and
your program should not make assumptions about which and when.
DS
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
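The behaviour discussed in this thread, as an added example that is not part of the original messages: a write on the logical SSL connection can require reading from the transport first. It uses Python's ssl module, which wraps OpenSSL (SSLObject.write() ends up in SSL_write), with two memory BIOs standing in for the socket. The host name "peer.example" and the function name are assumptions made for the illustration.

```python
import ssl


def write_on_fresh_connection(payload=b"application data"):
    """Call write() twice on a client TLS object that has not handshaken yet."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    from_socket = ssl.MemoryBIO()  # bytes received from the peer (never filled here)
    to_socket = ssl.MemoryBIO()    # bytes the SSL engine wants put on the socket
    # "peer.example" is a placeholder host name; nothing is actually connected.
    tls = ctx.wrap_bio(from_socket, to_socket, server_hostname="peer.example")

    outcomes, queued = [], []
    for _ in range(2):
        try:
            tls.write(payload)
            outcomes.append("written")
        except ssl.SSLWantReadError:
            # The engine started the handshake and now needs bytes from the peer.
            # The reaction is to flush to_socket to the real socket, wait until
            # the socket is readable, feed what arrives into from_socket, and
            # then repeat this same write() with the same data.
            outcomes.append("WANT_READ")
        except ssl.SSLWantWriteError:
            outcomes.append("WANT_WRITE")
        queued.append(to_socket.pending)
    # Whatever the engine queued for the socket so far (the first handshake flight).
    return outcomes, queued, to_socket.read()


if __name__ == "__main__":
    outcomes, queued, flight = write_on_fresh_connection()
    print("write() outcomes:      ", outcomes)
    print("bytes queued for socket:", queued)
    print("first record type:      0x%02x (0x16 = handshake)" % flight[0])
```

The bytes queued for the socket after the first call are a handshake record, not the application payload, and repeating the write without supplying any peer data makes no further progress.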