On Tue, Apr 27, 2010 at 5:48 PM, Dr. Stephen Henson <[email protected]> wrote: > On Tue, Apr 27, 2010, piper.guy1 wrote: > >> Hi again, >> >> I'm trying to follow the instructions in the OpenSSL reference book, >> and their example code from their site for setting a socket to >> 'non-blocking'. >> >> Before I made any changes, I was working with good code that was >> making secure connections with no problems. >> >> Essentially: >> bio = BIO_new_connect(connect_str); >> BIO_do_connect(bio); >> ssl = SSL_new(ctx); >> SSL_set_bio(ssl, bio, bio); >> SSL_connect(ssl); >> >> >From the example code, it seemed easy enough to call 'SSL_get_rfd() >> using the SSL object to get the file descriptor in order to use >> fcntl() to change the socket to non-blocking. However when I did >> this, calls to SSL_get_rfd() always return -1. Reading the function >> description docs, SSL_get_rfd() will return -1 if the BIO is not >> "suitable for file descriptors". The example code doesn't show how >> their BIO & SSL objects were created, and there's no other reference >> or information on what they mean on how to make them 'suitable'. >> >> So, I tried another approach. I created a socket the convention way >> and did a connect, followed by: >> bio = BIO_new_socket(sd, BIO_CLOSE); >> ssl = SSL_new(ctx) ; >> SSL_set_bio(ssl, bio, bio); >> SSL_connect(ssl); >> which also worked....until I called SSL_get_rfd() after I created the >> SSL object, which again returned -1. >> >> What am I doing wrong? How do you make a BIO object for file >> descriptors suitable? >> > > Well I didn't write that "suitable" phrase. I'm not sure why you're getting > the -1 return does ERR_print_errors_fp(stderr) give anything useful? > > In the second example you can use the pass descriptor "sd" for the purpose: > all the following calls do is associate it with the SSL structure. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [email protected] > Automated List Manager [email protected] >
Steve and all, Embarrassingly, after looking at my code, I wasn't quite doing what I said I was doing. I was making the call to SSL_get_rfd() BEFORE calling SSL_connect(). Once I called SSL_get_rfd() after SSL_connect() it worked like a charm. thanx /carl h. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
