Re: Checking an SSL connection . . .

Wed, 11 Oct 2000 15:34:24 -0700 

Ok, it looks like I was mistaken here.  The SSL_state() does in fact
return the SSL connection status flag, but it is only set to
SSL_ST_CONNECT|SSL_ST_BEFORE in some cases, and only when the
SSL_connect fails because the handshake didn't complete.  There are
nearly half a dozen states that could be set in this case.

My question now is this:  Is there a specific state, or (small) set of
states, that I can check for on any SSL connection (for all versions)
and verify that the connection is established, and ready for some kind
of I/O?

I found that setting the socket back to blocking is a problem.  If there
is any kind of glitch in the handshake (brought on by network
congestion, etc) or the server has problems completing the handshake,
maybe because it gets killed without prejudice, the app will sit in
SSL_connect() indefinitely, without timing out.

I still want to check the socket directly to get the status rather than
managing my own for each connection, but it may come to that.

Any comments/ideas, etc will be appreciated.
Lou

Louis LeBlanc wrote:
> 
> Hello again, everyone.
> 
> I have solved some of the problems I have been having with setting
> verification mode and depth, I think. (Thank you Lutz!)
> 
> I have also approached the problem of ensuring the connection is
> successful on a nonblocking socket.  What I was trying to do is use
> SSL_state() to see if the connection has been made.  If I interpreted
> the SSL_connect()code correctly, it sets the state to
> SSL_ST_CONNECT|SSL_ST_BEFORE
> 
> If I check the state with SSL_state() it should tell me if the SSL
> connection has been established, right?
> 
> My initial solution was to set the connection back to blocking mode just
> before the SSL_connect, and I am told it may be okay with the rest of
> the app if it stays this way.  Does any know of any caveats with this
> scenario?
> 
> Thanks
> 
> Lou
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to