Adam Grossman wrote:
> One last question, and I am done bugging you about this...
>
> These are the steps I am taking:
>
> SSL_set_fd(ssl_data->ssl_ssl, sock_fd);
> sslbio=SSL_get_rbio(ssl_data->ssl_ssl);
>
> internalBIO=BIO_new(BIO_s_bio());
> BIO_set_write_buf_size(internalBIO, 1024);
>
> BIO_make_bio_pair(sslbio,internalBIO);
>
> size=read(sock_fd,buffer,128); // returns as read 128
> size=BIO_write(sslbio,buffer,size); // returns as written 128
>
> SSL_accept(ssl_data->ssl_ssl);
>
> and then the accept always fails.
>
>
> I thought this was straightforward, but I am very wrong (or very
> thick...)

You two are talking about two very different things. Victor Duchovni is talking about separating the SSL engine from the socket, so you can put anything you want between the two. You are talking about "peeking" into the SSL data stream so you can decide whether to implement SSL or not. He's telling you the supported way to do what you want and you are trying to hack it in.

What does the rest of your architecture look like? Is your application multi-threaded? Does it handle a larger number of SSL connections? Is it intended to be portable? Because if your answers are yes, yes, and yes, (or no, yes and yes) you are approaching this completely the wrong way and should follow Victor Duchovni's approach.

DS
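
The "peeking" decision discussed in this thread, as an added example that is not part of either message and is not OpenSSL code: a C function that classifies the first bytes a client sent as a TLS ClientHello record, an SSLv2-format ClientHello, or something else, and reports when it has too few bytes to decide. The function name, the enum and the sample byte arrays are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

enum peek_result { PEEK_NEED_MORE, PEEK_TLS, PEEK_SSLV2_HELLO, PEEK_NOT_TLS };

/* Constructed sample inputs (not captured traffic). */
const unsigned char sample_tls[]   = { 0x16, 0x03, 0x01, 0x00, 0x2f, 0x01 };
const unsigned char sample_sslv2[] = { 0x80, 0x2e, 0x01, 0x03, 0x01 };
const unsigned char sample_plain[] = { 'G', 'E', 'T', ' ', '/', ' ' };

/* Classify the first bytes a client sent, looking only at the buffer. */
enum peek_result classify_first_bytes(const unsigned char *buf, size_t len)
{
    size_t n;

    if (len == 0)
        return PEEK_NEED_MORE;

    if (buf[0] == 0x16) {                    /* TLS record, type handshake */
        if (len >= 2 && buf[1] != 0x03)      /* record version, major byte */
            return PEEK_NOT_TLS;
        if (len >= 3 && buf[2] > 0x04)       /* record version, minor byte */
            return PEEK_NOT_TLS;
        if (len < 6)                         /* 5-byte header + message type */
            return PEEK_NEED_MORE;
        n = ((size_t)buf[3] << 8) | buf[4];  /* record length */
        if (n < 4 || n > 16384)
            return PEEK_NOT_TLS;
        return buf[5] == 0x01 ? PEEK_TLS : PEEK_NOT_TLS;  /* ClientHello */
    }

    if (buf[0] & 0x80) {                     /* SSLv2-format 2-byte header */
        if (len < 5)
            return PEEK_NEED_MORE;
        n = ((size_t)(buf[0] & 0x7f) << 8) | buf[1];
        if (n < 9 || buf[2] != 0x01)         /* too short, or not CLIENT-HELLO */
            return PEEK_NOT_TLS;
        if (buf[3] == 0x03 || (buf[3] == 0x00 && buf[4] == 0x02))
            return PEEK_SSLV2_HELLO;
        return PEEK_NOT_TLS;
    }
    return PEEK_NOT_TLS;                     /* e.g. a plaintext protocol */
}

int main(void)
{
    printf("%d %d %d\n", classify_first_bytes(sample_tls, sizeof sample_tls),
           classify_first_bytes(sample_sslv2, sizeof sample_sslv2),
           classify_first_bytes(sample_plain, sizeof sample_plain));
    return 0;
}
```

Bytes examined this way still have to be delivered to the SSL engine afterwards, which is the part the BIO-pair approach handles.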