On Wed, 15 Apr 1998, Jeroen Wortelboer wrote:
> If I build a non-blocking app, I can keep on calling SSL_read of
> SSL_write during the initial connection handshake and the read/write
> calls will return the should retry code as long as the initial handshake
> is being carried out. I need to keep calling the read or write routines
> to advance the handshake's state machine.
> At some point, I will no longer get a should retry code, meaning the
> connection is there.
>
> Great, this only leaves me with the question of how to start the
> handshake just after the tcp connection setup. (I don't want to wait
> with the handshake until I can send some data.)
> Can I do this by simply trying to read from the socket or can I call
> SSL_do_handshake which will also return the should retry code ?
^^^^^^^^^^^^^^^^
yes. Normally what I actually do is setup a SSL BIO, then push onto it
a connect BIO. I then do a single BIO_do_handshake which starts the connect
BIO going and then do the BIO_read/BIO_write stuff.
The only difference between the BIO and SSL read/write/do_handshake is a
wrapper layer, the same type of non-blocking API is present.
What is nice though is that you can use non-blocking connect without being
aware of it :-). The first do_handshake will do the DNS lookup and report
errors of this type. If you are using BIOs instead of the SSL routines the
code becomes
i=BIO_read(bio,buf,len) (or BIO_write or BIO_do_handshake)
if (i <= 0) /* EOF */
{
if (BIO_should_retry(bio))
{
if (BIO_should_read(bio))
{
j=need_read_event;
}
else if (BIO_should_write(bio)
{
j=need_write_event;
}
else if (BIO_should_io_special(bio))
{
switch (BIO_get_retry_reason(bio))
{
case BIO_RR_SSL_X509_LOOKUP:
/* not implemented yet */
break;
case BIO_RR_CONNECT:
j=need_connect_event;
break;
default:
j=unknown;
}
}
else
{
j=no_event
bad connection, an error of some type
}
}
}
In theory the io_special could be done to do non-blocking DNS timeouts etc
but it only does connect timeouts at this point in time.
non-blocking connects are only really an issue under Windows where
you can recieve a message on connect.
eric
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
