Hello, I have a multi-thread application that does not use SSL connexion. I would want to use open-ssl to protect the communication, but as the original code is multi-thread, I run into some troubles...
Basically, the client sends several (hundreds of) commands, and for each command, the server answers with a response. Currently, one client thread is used for sending commands, and a second thread is used for handling answer, each one with blocking calls to socket. My understanding of the OpenSSL documentation is that I am no more allowed to do so. A simple solution would consist into changing the client code so that it waits the answer of each command before processing next one, but this would highly reduce the speed of my application so, I would want to avoid this. Another solution would be to emulate a multi-thread application whilst guaranteing no concurrent access to open-ssl stuff by using non-blocking bio (as well as other mechanisms like semaphores, select statements, etc.). I think I have an efficient solution for this, but in this case, I need to be allowed to do a SSL_write after a SSL_read failed returning SSL_ERROR_WANT_READ (and vice-cersa). My problem is that, when reading the doc, it is unclear if this is allowed... The doc says that, in this case, next call to SSL_read shall be done with same arguments, but it does not say if we can perform a SSL_write before... Another solution would consist in buffering commands on the client side, and responses on the server side for an efficient communication in mono-thread application. But this would require changes to the server side and in the logicl of client/server communication and I would want to avoid that. So, my questions are : - Am I allowed to perform an SSL_write after a SSL_read failed ? And, if yes, are there limitations (for example, if the SSL_read sends a SSL_ERROR_WANT_WRITE, am I still allowed to perform a SSL_write ?) - Is there a simpler solution to my problem ? Thanks in advance, Brice ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
