Thanks a lot for the tips. The SSL negotiation and session establishment are done before proxying and the proxy never blocks. The weird thing is that I have implemented the proxy in both Linux (Debian) and Windows XP. The delay on SSL_write() is presented only in the Windows version.
Thanks in advance, Spiros Antonatos > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:owner-openssl- > [EMAIL PROTECTED] On Behalf Of David Schwartz > Sent: Friday, June 01, 2007 8:17 PM > To: openssl-users@openssl.org > Subject: RE: flushing out data to write > > > > I am trying to create a proxy that reads packets from one side and > sends > > them over an SSL connection to the other side. > > However, I frequently notice that some SSL_write()'s present a > > delay of 1sec > > to send the data (I receive a packet at time 0sec > > and it is sent at time 1sec). Can I flush somehow the SSL buffers? > > You're asking the wrong question. The delay you see in writing almost > certainly has nothing to do with flushing any buffers. > > Writing a proxy is tricky. Two tips: > > 1) Handle the SSL negotiation and session establishment and make sure > it has > completed before you begin proxying. Don't make the first SSL_write do > the > negotiation. (Odds are the delay you are seeing is because of > negotiation.) > > 2) Don't ever block in a proxy. A proxy that blocks in one direction > while > data could be passed in the other direction can cause a deadlock. > > Consider this situation: > > You are proxying an FTP-like protocol. The server is sending massive > amounts > of data to the receiver. The receiver sends an abort/close command and > refuses to read, waiting for the connection to be closed by the server. > If > your proxy is blocked sending to the receiver, you will never forward > the > abort/close command. The server will never close the connection. > > DS > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
