On Fri, 24 Apr 1998, Dirk Neuwinger wrote:
> I'm writing an application which uses the BIO stuff, because
> I need non-blocking support. I knew there are several comments
> on that topic, but I have problems to get a fd out of the bio
> structure. (I need it for select()) The macro BIO_get_fd returns 0,
> even if the TCP/IP connection is established and BIO_do_handshake()
> returns >0.
Which version of the library are you using and on which platform?
I currently do the above mentioned setup under Linux and Win32 and it works for
me...
One thing that also helps a lot is to put in the error stuff while developing.
    SSL_load_error_strings();
then call ERR_print_errors_fp(stderr); when you get an error.
> Ok, this is what I get without pushing the SSL to the BIO stuff
> with BIO_push(ssl_bio, con_bio). If I pushed the ssl to bio,
> BIO_do_handshake() returned <0 and BIO_should_retry() returned
> 0, which is a system error state.
>
> Ok, what am I doing wrong? I'm using SSLeay-0.9.0 on AIX.
> con_bio=BIO_new_connect(host);
> SSLeay_add_ssl_algorithms();
> ssl_ctx=SSL_CTX_new(SSLv23_client_method());
> ssl_bio=BIO_new_ssl_connect(ssl_ctx);
          ^^^^^^^^^^^^^^^^^^^^
> bio=BIO_push(ssl_bio,con_bio);
BIO_new_ssl_connect(ssl_ctx) is basically
    con=BIO_new(BIO_s_connect())
    ssl=BIO_new_ssl(ctx,1)
    ret=BIO_push(ssl,con)
So what you need to do is delete the
    con_bio=BIO_new_connect(host);
and the BIO_push line and add to the end
    BIO_set_conn_hostname(ssl_bio,"host:port")
and if you still want the actual connect BIO,
So, I end up with
    ssl_ctx=SSL_CTX_new(SSLv23_client_method());
    bio=ssl_bio=BIO_new_ssl_connect(ssl_ctx);
    BIO_set_conn_hostname(bio,"gromit:443");
    con_bio=BIO_find_type(bio,BIO_TYPE_SOURCE_SINK);
The SOURCE_SINK type is basically any non-filter BIO, for which there should
be only one.
The BIO_do_handshake can obviously be called directly on the
SSL->connect BIO chain.
The BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
is an interesting call since it generates a
    buffer <-> SSL <-> connect
BIO chain, which means that after the connection is in place, you can do
BIO_gets() etc to read lines. You would have to be careful with the
buffering and do BIO_flush() when required.
Also, if you don't specify a certificate and a private key the only ciphers
that can be used are anon-DH, which most other people will not talk and are
disabled from the start.
> i=BIO_do_handshake(con_bio);
> if (i > 0)
>     {
>     printf("Connection established..\n");
>     p_ctrl->port_id=BIO_get_fd(bio,&p_ctrl->port_id);
>     printf("FD is... fd: %d\n",p_ctrl->port_id); /* fd = 0 ???*/
>     return(0);
>     }
> else if (i == 0)
>     {
>     printf("Connection failed..\n");
>     return(-1);
>     }
> else if (i < 0)
>     {
>     if (BIO_should_retry(bio))
>         { /* Was a non-blocking IO condition */
>         if (BIO_should_read(bio))
>             { /* set select(2) flags accordingly */
>             }
>         else if (BIO_should_write(bio))
>             { /* set select(2) flags accordingly */
>             }
>         else if (BIO_should_io_special(bio))
>             {
>             j=BIO_get_retry_reason(bio);
>             if (j == BIO_RR_CONNECT)
>                 {
>                 /* non-blocking connect, this
>                  * is currently the only 'special'
>                  * retry reason */
>                 BIO_get_fd(bio,&p_ctrl->port_id);
>                 printf("Waiting for next event... fd: %d\n",
>                     p_ctrl->port_id);
>                 return(EWOULDBLOCK);
>                 }
>             }
>         }
>     else
>         {
>         printf("System error\n");
>         return(-1);
>         }
>     }