Hello, as I can see from the code you first set readBIO and writeBIO to socket(scktUpstream), and that makes the TLS negotiation succeed. Later you set the SSL readBIO to mem_bio and writeBIO to NULL, and then try to use writeBIO (calling SSL_write) - sure it will fail. During negotiation do you receive server responses on scktUpstream? I think so, otherwise I don't see how it would work. Have you tried not to reset the SSL BIO with memBIO but have a blocking SSL_read - it will return once your socket finishes reading, and then just use SSL_write as you do, again without resetting the SSL BIO.

Hope this will help.
Galina

On Fri, Mar 13, 2009 at 7:52 PM, Nate Leon <n8l...@gmail.com> wrote:
> Greetings,
> I am in the process of converting an SMTP/TLS server to use Async IO.
> (using IO Completion Ports on Windows)
> As such, the previously working style of using SSL_accept, select, and
> SSL_read / SSL_write is no longer sufficient.
>
> Now that I am using WSARecv to do the read, my app is notified when a
> buffer is filled with (encrypted) data.
> Somebody suggested I stuff that data into a BIO buffer and read it out of
> that.
> I attempted to use BIO_read but without success.
> I seem to have that half working now, looking roughly like this:
> (over-simplified for readability)
>
> // SMTP client requests STARTTLS, server takes these actions:
> BIO* m_bioSckt = BIO_new_socket((int)scktUpstream, BIO_NOCLOSE);
> SSL* m_ssl = SSL_new(ctx);
> SSL_set_accept_state(m_ssl);
> SSL_set_bio(m_ssl, m_bioSckt, m_bioSckt);
>
> // Server sends "220 go ahead" to client, and waits for Client/Server to negotiate handshake
> int nRetCode = SSL_accept(m_ssl);
>
> // This succeeds - client reports: "New, TLSv1/SSLv3, Cipher is AES256-SHA, etc..."
> // Now client sends command (e.g. "EHLO example.org") which needs to be decrypted
> BIO* m_bioMem = BIO_new_mem_buf(encryptedData, nEncDataSize);
> SSL_set_bio(m_ssl, m_bioMem, NULL);
> char decryptedData[4096];
> int numBytesRead = SSL_read(m_ssl, decryptedData, sizeof(decryptedData));
>
> // SMTP server processes decryptedData and takes appropriate action - e.g. sends a "250 OK" response
> // That response needs to be encrypted before it is sent (WSASend)
> BIO* bioMem = BIO_new(BIO_f_buffer());
> SSL_set_bio(m_ssl, NULL, bioMem);
> int numBytesWritten = SSL_write(m_ssl, responseData, nRespDataSize); // fails
> BIO_flush(bioMem);
>
> I am testing using the openssl client:
> openssl s_client -starttls smtp -connect localhost:25 -crlf -msg -debug
>
> The SSL_write seems to fail completely. :(
> Am I on the right track here?
> Is it the optimal way to go about it?
> Also surprising, (at least to me) is that BIO_new_socket and
> BIO_new_mem_buf return the identical address in memory,
> which makes me think I am really not understanding how this is supposed to
> work.
>
> Any pointers are much appreciated.
>
> TIA,
> n8
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
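The pattern the original post is reaching for is a pair of memory BIOs (BIO_s_mem) attached once with SSL_set_bio and never swapped: ciphertext from WSARecv goes into the read BIO with BIO_write, SSL_read/SSL_write run against those BIOs, and whatever SSL_write and the handshake leave in the write BIO is drained with BIO_read and handed to WSASend. Three details of the posted code explain its symptoms: BIO_new_mem_buf creates a read-only BIO, BIO_f_buffer is a filter BIO with no sink under it (so SSL_write has nowhere to put ciphertext), and SSL_set_bio frees the BIOs it replaces, which is why a later BIO_new returned the same address. The example below is added here and is not code from either poster; it shows the complete data flow with a full in-memory handshake and an SMTP command/response round trip. It is written in Python because CPython's ssl.MemoryBIO and SSLContext.wrap_bio are thin wrappers over exactly BIO_s_mem and SSL_set_bio, so each step maps one-to-one onto the C calls named in the comments. It assumes the openssl command-line tool is installed to mint a throwaway self-signed certificate; the class and function names and the SMTP strings are constructed for the example.

```python
"""TLS over a pair of memory BIOs, the plumbing an async (IOCP-style) server needs.

Added example: Python's MemoryBIO/SSLObject wrap OpenSSL's BIO_s_mem and SSL_set_bio,
so the comments name the equivalent C calls from the thread.
"""
import os
import ssl
import subprocess
import tempfile


def make_self_signed_cert(tmpdir):
    """Mint a throwaway cert/key with the openssl CLI (assumed installed; test fixture only)."""
    cert_path = os.path.join(tmpdir, "cert.pem")
    key_path = os.path.join(tmpdir, "key.pem")
    subprocess.run(
        ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
         "-subj", "/CN=localhost", "-keyout", key_path, "-out", cert_path],
        check=True, capture_output=True,
    )
    return cert_path, key_path


class TlsEndpoint:
    """One side of a TLS session driven purely through memory BIOs.

    incoming is the SSL's rbio (BIO_s_mem): network ciphertext goes in via write().
    outgoing is the SSL's wbio (BIO_s_mem): ciphertext to send comes out via read().
    Both are created once here; the SSL object is never re-pointed at other BIOs.
    """

    def __init__(self, ctx, server_side):
        self.incoming = ssl.MemoryBIO()          # BIO_new(BIO_s_mem()) for the read side
        self.outgoing = ssl.MemoryBIO()          # BIO_new(BIO_s_mem()) for the write side
        self.tls = ctx.wrap_bio(self.incoming, self.outgoing, server_side=server_side)  # SSL_set_bio once

    def feed_ciphertext(self, data):
        self.incoming.write(data)                # BIO_write(rbio, buf, n) when WSARecv completes

    def take_ciphertext(self):
        return self.outgoing.read()              # BIO_read(wbio, ...) -> bytes for WSASend

    def handshake_step(self):
        """One SSL_do_handshake call; False means 'need more bytes from the peer'."""
        try:
            self.tls.do_handshake()
        except ssl.SSLWantReadError:
            return False
        return True

    def read_plaintext(self, max_bytes=4096):
        """SSL_read; returns b'' when no complete application record is buffered yet."""
        try:
            return self.tls.read(max_bytes)
        except ssl.SSLWantReadError:
            return b""

    def write_plaintext(self, data):
        return self.tls.write(data)              # SSL_write: ciphertext lands in outgoing


def shuttle(a, b):
    """Move queued ciphertext both ways; stands in for the socket between the peers."""
    a_to_b = a.take_ciphertext()
    b_to_a = b.take_ciphertext()
    if a_to_b:
        b.feed_ciphertext(a_to_b)
    if b_to_a:
        a.feed_ciphertext(b_to_a)
    return len(a_to_b) + len(b_to_a)


def complete_handshake(client, server, max_rounds=20):
    """Drive both sides until SSL_do_handshake succeeds on each (TLS 1.2 or 1.3)."""
    client_done = server_done = False
    for _ in range(max_rounds):
        if not client_done:
            client_done = client.handshake_step()
        if not server_done:
            server_done = server.handshake_step()
        shuttle(client, server)
        if client_done and server_done:
            return True
    return False


def run_smtp_exchange():
    """Handshake, then one constructed SMTP command and reply; returns what each side decrypted."""
    with tempfile.TemporaryDirectory() as tmpdir:
        cert_path, key_path = make_self_signed_cert(tmpdir)
        server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        server_ctx.load_cert_chain(cert_path, key_path)
        client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        client_ctx.load_verify_locations(cafile=cert_path)  # trust only the throwaway cert (CERT_REQUIRED stays on)
        client_ctx.check_hostname = False                   # fixture cert has no SAN; a real client keeps this True

    server = TlsEndpoint(server_ctx, server_side=True)
    client = TlsEndpoint(client_ctx, server_side=False)
    if not complete_handshake(client, server):
        raise RuntimeError("handshake did not complete")

    client.write_plaintext(b"EHLO example.org\r\n")  # constructed SMTP command
    shuttle(client, server)
    command = server.read_plaintext()                # server decrypts it...
    server.write_plaintext(b"250 OK\r\n")            # ...and answers
    shuttle(client, server)
    reply = client.read_plaintext()                  # client drains post-handshake messages, then the reply
    return command, reply


if __name__ == "__main__":
    print(run_smtp_exchange())
```

In the real server each completed WSARecv becomes one feed_ciphertext call followed by an attempt at handshake_step or read_plaintext, and after every SSL call the outgoing BIO is drained and handed to WSASend, since the handshake and TLS 1.3 session tickets produce output without any SSL_write on the application's part.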