On Sat, Jan 16, 2010 at 10:39:13AM -0500, Adam Grossman wrote:

> On Fri, 2010-01-15 at 17:06 -0500, Victor Duchovni wrote:
> > On Fri, Jan 15, 2010 at 04:11:04PM -0500, Adam Grossman wrote:
> > >
> > > A simpler question might be (hopefully), is after I call "SSL_accept",
> > > is there a way to retrieve all the raw data which was read in by
> > > SSL_accept?
> >
> > Don't call SSL_accept() unless you know that the client's first
> > message is an SSL HELLO. Use bio-pairs to drive the SSL I/O
> > engine, capture the client's first input buffer directly, and
> > only start the SSL engine if it is an SSL HELLO.
> >
>
> I have been reading about BIO pairs, but I am still confused. Here is
> what I am doing:
>
>     internalBIO=BIO_new(BIO_s_bio());
>     BIO_set_write_buf_size(internalBIO, 1024);
>
>     sslbio=SSL_get_rbio(ssl);
>
>     BIO_make_bio_pair(sslbio,internalBIO);
>
> Now my plan was to read the first 128 bytes, look at it, get the info I
> needed, then call SSL_accept. But how do I put those 128 bytes "back",
> so SSL_accept will pick those up, then the rest of the stream?
You write octets you have read from the socket into the network side of
the biopair, and you must write octets that you read from the network
side of the biopair to the socket. As in the man page for
BIO_new_bio_pair:

        application  |   TLS-engine
           |         |
           +----------> SSL_operations()
                     |  /\    ||
                     |  ||    \/
                     |  BIO-pair (internal_bio)
           +-----------< BIO-pair (network_bio)
           |         |
         socket      |

You need to copy all available bytes from the network BIO to the network
socket whenever an SSL operation returns SSL_ERROR_WANT_WRITE OR
SSL_ERROR_WANT_READ. If (and only if) you have copied everything
available on the network bio to the network, and an SSL operation
returns SSL_ERROR_WANT_READ, you can read the network socket and copy
anything you get to the network bio.

-- 
	Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
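The scheme Viktor describes, as an added example that is not part of the thread or of OpenSSL's own code. It uses Python's ssl.MemoryBIO/SSLObject, which is the standard-library equivalent of an OpenSSL bio-pair driven from the application side: the engine reads from and writes to memory BIOs, and the application moves bytes between those BIOs and the socket. `is_tls_client_hello()` does the "is this an SSL HELLO" check on the first six bytes; `pump()` implements the flush-before-read rule from the BIO_s_bio manual page; `accept_maybe_tls()` answers the original question by writing the already-read bytes into the incoming BIO instead of "putting them back" on the socket (the server context with its certificate is assumed to be supplied by the caller and is not built here); `capture_client_hello()` exercises `pump()` with a real client-side engine against a constructed fake socket, so the sniffer can be checked against a ClientHello OpenSSL actually produced.

```python
import ssl

TLS_HANDSHAKE = 0x16   # TLS record content type: handshake
CLIENT_HELLO = 0x01    # handshake message type: ClientHello


def is_tls_client_hello(buf: bytes) -> bool:
    """True if buf starts with a TLS record that carries a ClientHello.

    Only the first 6 bytes are needed: the 5-byte record header
    (type, version, length) plus the 1-byte handshake message type.
    SSLv2-format hellos are not recognised by this check.
    """
    if len(buf) < 6:
        return False
    content_type, major, minor = buf[0], buf[1], buf[2]
    record_len = int.from_bytes(buf[3:5], "big")
    return (content_type == TLS_HANDSHAKE
            and major == 3 and minor <= 3      # record versions 0x0300..0x0303
            and record_len >= 4                # room for a handshake header
            and buf[5] == CLIENT_HELLO)


def _flush(outgoing, sock_write):
    """Copy everything the engine has queued for the network to the socket."""
    pending = outgoing.read()
    if pending:
        sock_write(pending)


def pump(op, incoming, outgoing, sock_read, sock_write):
    """Run one engine operation (e.g. sslobj.do_handshake) to completion.

    Rule from the BIO_s_bio manual page: whenever the engine wants to read
    or write, first copy everything in the network-side BIO (outgoing) to
    the socket; only then, and only when the engine wanted to *read*, take
    bytes from the socket and write them into the network-side BIO (incoming).
    """
    while True:
        try:
            result = op()
        except ssl.SSLWantWriteError:
            _flush(outgoing, sock_write)
        except ssl.SSLWantReadError:
            _flush(outgoing, sock_write)       # flush first, always
            data = sock_read(16384)
            if data:
                incoming.write(data)
            else:
                incoming.write_eof()           # peer closed; the engine will report it
        else:
            _flush(outgoing, sock_write)       # e.g. the engine's final Finished record
            return result


def accept_maybe_tls(sock, server_ctx, peek_len=6):
    """Server side of the question in the thread.

    Read the client's first bytes and start the TLS engine only if they
    look like a ClientHello. Nothing is "put back" on the socket: the
    engine reads from the incoming MemoryBIO, so the bytes already taken
    from the socket are written there and do_handshake (SSL_accept) sees
    them before anything else. server_ctx is assumed to be an
    ssl.SSLContext with the server certificate already loaded.

    Returns (sslobj, incoming, outgoing) for a TLS client, or
    (None, first_bytes, None) for a plaintext client.
    """
    first = b""
    while len(first) < peek_len:
        chunk = sock.recv(peek_len - len(first))
        if not chunk:
            break
        first += chunk
    if not is_tls_client_hello(first):
        return None, first, None
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    sslobj = server_ctx.wrap_bio(incoming, outgoing, server_side=True)
    incoming.write(first)                      # the sniffed bytes go in here
    pump(sslobj.do_handshake, incoming, outgoing, sock.recv, sock.sendall)
    return sslobj, incoming, outgoing


class _NoPeer(Exception):
    """Raised by the constructed fake socket when the engine asks to read."""


def capture_client_hello():
    """Drive a real client-side engine through pump() against a fake socket
    constructed here (no network). The engine writes its ClientHello into
    the outgoing BIO and then wants to read; pump() must flush that
    ClientHello to the socket *before* asking the socket for the server's
    reply. The fake read raises _NoPeer, which stops the handshake there,
    and the bytes sent up to that point are returned.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE            # there is no peer to verify in this demo
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = ctx.wrap_bio(incoming, outgoing, server_side=False)
    sent = bytearray()

    def fake_read(n):
        raise _NoPeer()

    try:
        pump(client.do_handshake, incoming, outgoing, fake_read, sent.extend)
    except _NoPeer:
        pass
    return bytes(sent)


if __name__ == "__main__":
    hello = capture_client_hello()
    print(len(hello), "bytes, ClientHello:", is_tls_client_hello(hello))
```

The sniff reads six bytes rather than 128 because that is all the decision needs; anything larger just has to be written into the incoming BIO in the same way. Reading only a handful of bytes also keeps a plaintext client's first request intact in `first` for whatever non-TLS handler takes over.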