Please follow Victor's advice, because this call

>    SSL_set_bio(m_ssl, NULL, bioMem);

and its counterpart:

SSL_set_bio(m_ssl, m_bioMem, NULL);

are NOT how this sort of thing is done. This is EXTREMELY DANGEROUS
(or should I say: fatal?) coding as you forcibly remove either read or
write BIO facilities for an active SSL connection.
This indicates that you assume you are in total control over when SSL
will [need to] write or read (and /not/ the other way) at /all/ times.
Which is a falsehood.
Your system can be taken down easily by any client which triggers a
renegotiation. And this is only one scenario, where read can cause a
write and vice versa.
BIO pairs have been created to provide for such bidirectional I/O and
you should both read up on the SSL_read/SSL_write documentation (and
heed the notes which are mentioned for nonblocking I/O: you will see
their effects at all times as you are plugging in your own I/O
mechanism at the backend (IOCP)). Also check out how BIO pairs et al
are used for in-memory SSL sessions, such as shown in the ssltest
application which comes with OpenSSL. (There are more sample apps which use
in-memory BIOs for performing SSL communications.)

A quick test to check if you handle renegotiations at all in your IOCP
backend flow is configuring your server to trigger a renegotiation by
itself by calling BIO_set_ssl_renegotiate_bytes() with a trigger
setting of, say, a few KBytes of received data - a small amount which
will make it happen quickly and often so you can test how things go
down.
But be aware that surviving this does not guarantee you'll survive
client-triggered renegotiation - which is not an uncommon thing,
especially when transfer amounts rise into the multi-megabytes per
connection.


Remember: SSL is not just shoving your bytes across the line in
encrypted form. It adds a *protocol* *layer* on top of sockets, which
should be facilitated for the entire lifetime of each socket
connection.



On Mon, Mar 16, 2009 at 9:55 PM, Nate Leon <n8l...@gmail.com> wrote:
> That was the trick - I was trying to write to a:
>  BIO* bioMem = BIO_new(BIO_f_buffer());
>
> which doesn't really make sense.
>
> Indeed, this is working:
>    BIO* bioMem = BIO_new(BIO_s_mem());
>    SSL_set_bio(m_ssl, NULL, bioMem);
>    SSL_write(m_ssl, responseData, nRespDataSize);
>
> My SSL object (m_ssl) now has wbio set to the new "memory buffer" BIO 
> (bioMem),
> and bioMem shows the correct number of bytes written in num_write.
>
> Good catch - many thanks!
> n8



-- 
Met vriendelijke groeten / Best regards,

Ger Hobbelt

--------------------------------------------------
web:    http://www.hobbelt.com/
        http://www.hebbut.net/
mail:   g...@hobbelt.com
mobile: +31-6-11 120 978
--------------------------------------------------
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
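
An added illustration of the point made in the message above (not part of the original e-mail and not OpenSSL project code): Python's `ssl` module wraps the same OpenSSL memory BIOs, and `wrap_bio(incoming, outgoing)` attaches both a read and a write BIO to the SSL object. The sketch runs an in-memory session and counts how often a write call needed inbound data and how often a read call left bytes to transmit. The names `endpoint`, `step` and `run_session`, the `b"ping"` payload and the anonymous-cipher test setup are assumptions of this example.

```python
import ssl

def endpoint(server_side):
    """One TLS endpoint wired to BOTH an incoming and an outgoing memory BIO."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER if server_side
                         else ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # Constructed test setup only: unauthenticated (anonymous) TLS 1.2 ciphers
    # so that no key pair has to be embedded here. Never deploy this.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("aNULL:@SECLEVEL=0")
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_side=server_side)
    return tls, incoming, outgoing

def step(op, outgoing):
    """Run one SSL call, then drain the write BIO no matter which call it was."""
    try:
        result, want = op(), None
    except ssl.SSLWantReadError:
        result, want = None, "read"
    except ssl.SSLWantWriteError:
        result, want = None, "write"
    return result, want, outgoing.read()

def run_session(message=b"ping"):
    client, c_in, c_out = endpoint(server_side=False)
    server, s_in, s_out = endpoint(server_side=True)
    stats = {"write_wanted_read": 0, "read_emitted_bytes": 0, "received": b""}
    sent = False
    for _ in range(10):              # a TLS 1.2 handshake needs only a few rounds
        if not sent:
            n, want, wire = step(lambda: client.write(message), c_out)
            sent = n is not None     # write succeeds only once the handshake is done
            stats["write_wanted_read"] += (want == "read")
            if wire:
                s_in.write(wire)     # stand-in for the socket / IOCP send
        data, want, wire = step(lambda: server.read(4096), s_out)
        if wire:                     # a *read* call produced bytes to transmit
            stats["read_emitted_bytes"] += 1
            c_in.write(wire)
        if data:
            stats["received"] = data
            break
    return stats

if __name__ == "__main__":
    print(run_session())
```

Here the handshake is what makes reads emit bytes and writes wait for input; a renegotiation on an established connection puts the I/O layer in the same position, which is why both BIOs have to stay attached and be serviced after every SSL call.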
