Re: Wrapping SSL_read/SSL_write so they behave like read/write.

2006-08-24 Thread Krishna M Singh
David can't understand Incorrect. The 'SSL_write' function is the function to send unencrypted data over the SSL link. It has nothing to do with the encrypted data the SSL engine wants to write to the socket. When we do SSL_write the i/p is unencrypted data and this gets sent over the SSL

RE: Wrapping SSL_read/SSL_write so they behave like read/write.

2006-08-24 Thread David Schwartz
David can't understand Incorrect. The 'SSL_write' function is the function to send unencrypted data over the SSL link. It has nothing to do with the encrypted data the SSL engine wants to write to the socket. When we do SSL_write the i/p is unencrypted data and this gets sent over the

RE: Wrapping SSL_read/SSL_write so they behave like read/write.]

2006-08-23 Thread David Schwartz
If you get a 'select' hit, whether for readability or writability, you should retry *all* operations, whether reads or writes. (Obviously, don't call SSL_write unless you have some data to write!) Again, I also recommend trying an SSL_read on any hit, whether for readability

Re: Wrapping SSL_read/SSL_write so they behave like read/write.]

2006-08-22 Thread Steven Young
Apologies if this is a duplicate; I was messing around with my e-mail yesterday and it was broken for a while. I didn't see this go through. On Sun, Aug 20, 2006 at 06:54:36PM -0400, Joe Flowers wrote: It means call exactly the same SSL function you just did with the exact same

Re: Wrapping SSL_read/SSL_write so they behave like read/write.]

2006-08-22 Thread Marek Marcola
Hello, Pardon me, I think I'm a little thick today. I get what you're all saying but I'm still not 100% sure of how this should be applied. Here's the program flow, without SSL: while(!quit) { for(i in all file descriptors) { if(we have something buffered up to say to the server)

Re: Wrapping SSL_read/SSL_write so they behave like read/write.]

2006-08-22 Thread Joe Flowers
Do something like this for a SSL_read() and something very similar for SSL_write() and SSL_shutdown(), etc. (I'm assuming non-blocking sockets): - totalbytesread=0; stop='n'; unsigned

Re: Wrapping SSL_read/SSL_write so they behave like read/write.]

2006-08-22 Thread Steven Young
On Tue, Aug 22, 2006 at 03:00:46PM +0200, Marek Marcola wrote: You may use select() but with some care. Simplest way is to: 1) wait on select() 2) read hit from SSL descriptor occur 3) read incrementally with SSL_read() from that descriptor until WANT_READ (or in other words - get all

Re: Wrapping SSL_read/SSL_write so they behave like read/write.]

2006-08-22 Thread Steven Young
On Tue, Aug 22, 2006 at 12:06:29PM -0400, Steven Young wrote: On Tue, Aug 22, 2006 at 03:00:46PM +0200, Marek Marcola wrote: You may use select() but with some care. Simplest way is to: 1) wait on select() 2) read hit from SSL descriptor occur 3) read incrementally with SSL_read()

Re: Wrapping SSL_read/SSL_write so they behave like read/write.]

2006-08-22 Thread urjit_gokhale
Original message Date: Tue, 22 Aug 2006 15:00:46 +0200 From: Marek Marcola [EMAIL PROTECTED] Subject: Re: Wrapping SSL_read/SSL_write so they behave like read/write.] To: openssl-users@openssl.org You may use select() but with some care. Simplest way is to: 1) wait on select() 2

Re: Wrapping SSL_read/SSL_write so they behave like read/write.]

2006-08-22 Thread Marek Marcola
Hello, You may use select() but with some care. Simplest way is to: 1) wait on select() 2) read hit from SSL descriptor occur 3) read incrementally with SSL_read() from that descriptor until WANT_READ (or in other words - get all data from SSL read buffer) 4) go to select() In 3)

RE: Wrapping SSL_read/SSL_write so they behave like read/write.]

2006-08-22 Thread David Schwartz
To answer my own question: No. Here is an amended version. While I believe your code is okay, it can be improved in a few ways. It contains some assumptions that are not always true, and it will work better without those assumptions. for(cp = connobjs; cp; cp = cp->next)

RE: Wrapping SSL_read/SSL_write so they behave like read/write.]

2006-08-22 Thread urjit_gokhale
Original message Date: Tue, 22 Aug 2006 12:22:37 -0700 From: David Schwartz [EMAIL PROTECTED] Subject: RE: Wrapping SSL_read/SSL_write so they behave like read/write.] To: openssl-users@openssl.org You should 'select' for writability if and only if you get a WANT_WRITE

Re: Wrapping SSL_read/SSL_write so they behave like read/write.

2006-08-20 Thread Marek Marcola
Hello On Sat, Aug 19, 2006 at 11:58:27PM +0200, Marek Marcola wrote: In this situation calling SSL_read() next time is enough (SSL layer will continue to write its own data and after this read real data) but this SSL_read() should be performed when socket descriptor is ready for write

Re: Wrapping SSL_read/SSL_write so they behave like read/write.

2006-08-20 Thread Steven Young
On Sun, Aug 20, 2006 at 07:46:26PM +0200, Marek Marcola wrote: I've forget to pay your attention on other problem that may appear with code like: do { ret = SSL_read(sslobject, buf, bufsz); err = SSL_get_error(sslobject, ret); } while (ret <= 0 && (err == SSL_ERROR_WANT_READ));

Re: Wrapping SSL_read/SSL_write so they behave like read/write.

2006-08-20 Thread Marek Marcola
Hello, On Sun, Aug 20, 2006 at 07:46:26PM +0200, Marek Marcola wrote: I've forget to pay your attention on other problem that may appear with code like: do { ret = SSL_read(sslobject, buf, bufsz); err = SSL_get_error(sslobject, ret); } while (ret <= 0 && (err ==

Re: Wrapping SSL_read/SSL_write so they behave like read/write.

2006-08-20 Thread Kyle Hamilton
If you get SSL_ERROR_WANT_WRITE, even if you have no application data to send, the protocol itself requires data to be written -- so you need to call SSL_write(). If you get SSL_ERROR_WANT_READ, even if you're writing application data, that means that the protocol itself is requiring data to be

Re: Wrapping SSL_read/SSL_write so they behave like read/write.

2006-08-20 Thread Joe Flowers
I wouldn't advise that. Read the docs: When calling |SSL_write()| with num=0 bytes to be sent the behaviour is undefined. I still stand by my first reply on this thread, as I believe it follows directly from the docs. Read the docs on SSL_read() and SSL_write(). SSL_ERROR_WANT_WRITE does

Re: Wrapping SSL_read/SSL_write so they behave like read/write.

2006-08-20 Thread Joe Flowers
Joe Flowers wrote: It means the exactly same SSL function you just did with the exact same parameters as you ust did that produced this SSL_ERROR_WANT_WRITE return. Again, it's clearly explained in the docs. Joe Good grief. Pardon my grammar. The sentence should have read: It means call

RE: Wrapping SSL_read/SSL_write so they behave like read/write.

2006-08-20 Thread David Schwartz
Encapsulated SSL data comes in records/packets. When you select() some descriptor for read, and select() gives you such hit you start reading data from SSL buffers. And now we may have some problems. If you will retry SSL_read() until you will get WANT_READ then you will get all data from

RE: Wrapping SSL_read/SSL_write so they behave like read/write.

2006-08-20 Thread David Schwartz
If you get SSL_ERROR_WANT_WRITE, even if you have no application data to send, the protocol itself requires data to be written Correct. -- so you need to call SSL_write(). Incorrect. The 'SSL_write' function is the function to send unencrypted data over the SSL link. It

Wrapping SSL_read/SSL_write so they behave like read/write.

2006-08-19 Thread Steven Young
Hello, I'm writing a program which can be compiled either with SSL support or without. In order to limit the amount of #ifdef'ing I have to put throughout the rest of my program, I'm trying to wrap SSL_read and SSL_write so they can be treated like read/write on a regular socket. This is

Re: Wrapping SSL_read/SSL_write so they behave like read/write.

2006-08-19 Thread Joe Flowers
Steve, You need to put select(ready to read or write) inside each (BOTH SSL_read() and SSL_write()) of your while loops at the beginning, and then cycle on WANT_READ or WANT_WRITE for BOTH SSL_read() and SSL_write() loops. You're getting high utilization because you are not putting select

Re: Wrapping SSL_read/SSL_write so they behave like read/write.

2006-08-19 Thread Marek Marcola
Hello, You need to put select(ready to read or write) inside each (BOTH SSL_read() and SSL_write()) of your while loops at the beginning, and then cycle on WANT_READ or WANT_WRITE for BOTH SSL_read() and SSL_write() loops. You're getting high utilization because you are not putting

Re: Wrapping SSL_read/SSL_write so they behave like read/write.

2006-08-19 Thread Steven Young
On Sat, Aug 19, 2006 at 10:27:52PM +0200, Marek Marcola wrote: I'm not sure if this is good solution because this will give you semi-blocking behaviour (we are only in non-blocking wrapper and checking for read/write is done by select() in upper layer). You're right; I don't want blocking

Re: Wrapping SSL_read/SSL_write so they behave like read/write.

2006-08-19 Thread Steven Young
On Sat, Aug 19, 2006 at 05:44:35PM -0400, Steven Young wrote: You're right; I don't want blocking behaviour. The non-SSL part of the code solves this by select()ing on the readable file descriptors and only calling read() when there is something to be read. To give you an idea of what's

Re: Wrapping SSL_read/SSL_write so they behave like read/write.

2006-08-19 Thread Marek Marcola
Hello, You should change loop ending condition - this loop should end when SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE occur because this errors may be returned on non-blocking sockets on SSL_read() and on SSL_write(). On normal use this will happen mostly where re-handshake is going on

Re: Wrapping SSL_read/SSL_write so they behave like read/write.

2006-08-19 Thread Steven Young
On Sat, Aug 19, 2006 at 11:58:27PM +0200, Marek Marcola wrote: In this situation calling SSL_read() next time is enough (SSL layer will continue to write its own data and after this read real data) but this SSL_read() should be performed when socket descriptor is ready for write now. Hi

RE: Wrapping SSL_read/SSL_write so they behave like read/write.

2006-08-19 Thread David Schwartz
I'm a little unclear on how this should be implemented.. so if I call SSL_read, get -1 back, and err = SSL_ERROR_WANT_READ, do I just call SSL_read again? No. That error is telling you that you need to wait until the socket is (again) readable. Because that's what I've been doing