Re: Using OpenSSL with non-blocking I/O
On Fri, May 06, 2011, Rajib Karmakar wrote: Hi, I am developing and application using OpenSSL. I have a proprietary system to handle connection/read data from sockets. All I need to do is to pass callback functions to the system to 1. Handle new connection 2. Read data on the given port Now while I use OpenSSL, I need to use SSL_connect and SSL_accept to do the handshake. But these calls are blocking and also use the sockets directly. Is there any way to use the library so that it works as a event-based handshake. Actually they aren't blocking and don't use sockets directly. They use a BIO I/O abstraction. Your problem can be resolved by either writing your own BIO or using BIO pairs. See the archives for discussion of these concepts. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Re: Using OpenSSL with non-blocking I/O
Hi, I am developing and application using OpenSSL. I have a proprietary system to handle connection/read data from sockets. All I need to do is to pass callback functions to the system to 1. Handle new connection 2. Read data on the given port Now while I use OpenSSL, I need to use SSL_connect and SSL_accept to do the handshake. But these calls are blocking and also use the sockets directly. Is there any way to use the library so that it works as a event-based handshake. Actually they aren't blocking and don't use sockets directly. They use a BIO I/O abstraction. Your problem can be resolved by either writing your own BIO or using BIO pairs. See the archives for discussion of these concepts. Steve. -- Hi, Can you show us the source code. Paste it into pastebin.org. Regards
Re: Using OpenSSL with non-blocking I/O
On 06 May 2011, at 9:23 PM, derleader mail wrote: Can you show us the source code. Paste it into pastebin.org. We do non blocking SSL by accepting the socket in the normal way (using accept, not SSL_accept), and then wrapping the socket in a BIO like this: BIO *sbio = BIO_new_socket(c-socket, BIO_NOCLOSE); SSL *ssl = SSL_new(ctx); SSL_set_bio(ssl, sbio, sbio); SSL_set_connect_state(ssl); We then put the socket in the event loop, and on read and write events we called SSL_read and SSL_write as appropriate. The first time we call SSL_read, the proper handshake is completed. One thing that you need to support for non blocking SSL to work properly is to take account the fact that during SSL_write, SSL may want to read from the socket, and during SSL_read, SSL may want to write. We keep track of whether a ready to read event should call SSL_read or SSL_write as appropriate, reacting to the SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE result codes. Regards, Graham -- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Using OpenSSL with non-blocking I/O
I think the openssl src already has sample server and client programs which are written in non blocking mode ..check wserver2.c if I am able to recall. On Fri, May 6, 2011 at 2:42 PM, Graham Leggett minf...@sharp.fm wrote: On 06 May 2011, at 9:23 PM, derleader mail wrote: Can you show us the source code. Paste it into pastebin.org. We do non blocking SSL by accepting the socket in the normal way (using accept, not SSL_accept), and then wrapping the socket in a BIO like this: BIO *sbio = BIO_new_socket(c-socket, BIO_NOCLOSE); SSL *ssl = SSL_new(ctx); SSL_set_bio(ssl, sbio, sbio); SSL_set_connect_state(ssl); We then put the socket in the event loop, and on read and write events we called SSL_read and SSL_write as appropriate. The first time we call SSL_read, the proper handshake is completed. One thing that you need to support for non blocking SSL to work properly is to take account the fact that during SSL_write, SSL may want to read from the socket, and during SSL_read, SSL may want to write. We keep track of whether a ready to read event should call SSL_read or SSL_write as appropriate, reacting to the SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE result codes. Regards, Graham -- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
