> Since I wait until the SSL_connect() function succeeds I > wanted to know if there is a better approach.
Yes, there is a better approach, for example the one mentioned in the manual: * http://www.openssl.org/docs/ssl/SSL_connect.html > If the underlying BIO is non-blocking, SSL_connect() will also return > when the underlying BIO could not satisfy the needs of SSL_connect() > to continue the handshake, indicating the problem by the return value > -1. In this case a call to SSL_get_error() with the return value of > SSL_connect() will yield SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. > The calling process then must repeat the call after taking appropriate > action to satisfy the needs of SSL_connect(). The action depends on > the underlying BIO. When using a non-blocking socket, nothing is to be > done, but select() can be used to check for the required condition. > When using a buffering BIO, like a BIO pair, data must be written into > or retrieved out of the BIO before being able to continue. So it tells you should call SSL_connect again. If you just call it again directly, you end up calling it thousand times for nothing but wasting resources until data arives on the socket. Thus you shall wait for data arriving on the socket and then call SSL_connect. To wait until data arrived, you may use select(). So you could: while(ret == READ || ret==WRITE) { if (ret = WANTREAD) { select(fd+1, fd, NULL, NULL, &tv); } else { select(fd+1, NULL, fd, NULL, &tv); } ret = SSL_connect(...); } Needed improvements include timeout management, handling select timeout and handling of errors. oki, Steffen End of message. -- About Ingenico: Ingenico is a leading provider of payment, transaction and business solutions, with over 15 million terminals deployed in more than 125 countries. Over 3,000 employees worldwide support merchants, banks and service providers to optimize and secure their electronic payments solutions, develop their offer of services and increase their point of sales revenue. http://www.ingenico.com/. This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. P Please consider the environment before printing this e-mail ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org