On Sun, Mar 15, 2009 at 11:14:04PM -0500, Galina Goncharov wrote:

> Another thought - I didn't notice your third SSL_set_bio(m_ssl, NULL,
> bioMem); so my suggestion wasn't quite correct. And it's always useful to
> get the error by calling SSL_get_error() - it can point in the right direction.
> And below is from another thread:

Do read about the BIO_pair interface and find examples of the use of
bio_pairs with SSL.

> > I am in the process of converting an SMTP/TLS server to use Async IO.
> > (using IO Completion Ports on Windows)
> > As such, the previously working style of using SSL_accept, select, and
> > SSL_read / SSL_write is no longer sufficient.
> >
> > Now that I am using WSARecv to do the read, my app is notified when a
> > buffer is filled with (encrypted) data.
> > Somebody suggested I stuff that data into a BIO buffer and read it out of
> > that.
> > I attempted to use BIO_read but without success.
> > I seem to have that half working now, looking roughly like this:
> > (over-simplified for readability)
> >
> > // SMTP client requests STARTTLS, server takes these actions:
> > BIO* m_bioSckt = BIO_new_socket((int)scktUpstream, BIO_NOCLOSE);
> > SSL* m_ssl = SSL_new(ctx);
> > SSL_set_accept_state(m_ssl);
> > SSL_set_bio(m_ssl, m_bioSckt, m_bioSckt);
> >
> > // Server sends "220 go ahead" to client, and waits for Client/Server
> > // to negotiate handshake
> > int nRetCode = SSL_accept(m_ssl);
> >
> > // This succeeds - client reports: "New, TLSv1/SSLv3, Cipher is
> > // AES256-SHA, etc..."
> > // Now client sends command (e.g. "EHLO example.org") which needs to
> > // be decrypted
> > BIO* m_bioMem = BIO_new_mem_buf(encryptedData, nEncDataSize);
> > SSL_set_bio(m_ssl, m_bioMem, NULL);
> > char decryptedData[4096];
> > int numBytesRead = SSL_read(m_ssl, decryptedData, sizeof(decryptedData));
> >
> > // SMTP server processes decryptedData and takes appropriate action -
> > // e.g. sends a "250 OK" response
> > // That response needs to be encrypted before it is sent (WSASend)
> > BIO* bioMem = BIO_new(BIO_f_buffer());
> > SSL_set_bio(m_ssl, NULL, bioMem);
> > int numBytesWritten = SSL_write(m_ssl, responseData, nRespDataSize); // fails
> > BIO_flush(bioMem);
> >
> > I am testing using the openssl client:
> > openssl s_client -starttls smtp -connect localhost:25 -crlf -msg -debug
> >
> > The SSL_write seems to fail completely. :(
> > Am I on the right track here?
> > Is it the optimal way to go about it?
> > Also surprising, (at least to me) is that BIO_new_socket and
> > BIO_new_mem_buf return the identical address in memory,
> > which makes me think I am really not understanding how this is supposed to
> > work.
> >
> > Any pointers are much appreciated.
> >
> > TIA,
> > n8
> > ______________________________________________________________________
> > OpenSSL Project                                 http://www.openssl.org
> > User Support Mailing List                    openssl-users@openssl.org
> > Automated List Manager                           majord...@openssl.org

-- 
	Viktor.