You seem to be forgetting, among other things, that if you use BIO
pairs, you have _4_ streams of data to deal with, not 2. First there's data
received on the socket that needs to go to the SSL engine. Then there's data
from the SSL engine that you need to hand to the socket. Third there's the
plaintext output from the SSL engine that you need to receive from the BIO
pair. Fourth, there's the plaintext you want to encrypt and send that you
need to send into the BIO pair.

In actuality, you should have eight endpoints:
1) The plaintext data you want to encrypt and send has to come from
somewhere (from your server code).
2) The encrypted data has to be sent over some transport to get to the
client (to a socket).
3) You have to hand encrypted data to the SSL engine (that you received
from the client).
4) You have to extract encrypted data from the SSL engine (to be sent to
the client).
5) The plaintext data the SSL engine decrypts has to go somewhere (up to
your server code).
6) You have to extract decrypted plaintext from the SSL engine (to hand
to the server).
7) You have to receive encrypted data that is to be decrypted from
somewhere.
8) You have to hand plaintext to be encrypted to the SSL engine
somewhere (that came from your server code).

So if you are using BIO pairs properly, you should have _8_ different
I/O operations.

DS
----- Original Message -----
From: Teemu Piiroinen
To: [EMAIL PROTECTED]
Sent: Saturday, March 03, 2001 7:57 AM
Subject: BIO pair
Hi

I have tried to use a BIO pair and for some reason it doesn't
seem to work right. So, here is the code if someone could
tell me what's going wrong.

I have tried to make it work without SSL_set_fd and SSL_accept, but it won't
work.
ssl = SSL_new (ctx);
SSL_set_fd (ssl, sd); // Do I need this line at all? sd = socket
BIO *internalbio = new BIO;
BIO *networkbio = new BIO;
BIO_new_bio_pair(&internalbio, 1000, &networkbio, 1000);
SSL_set_bio(ssl, internalbio, internalbio);
err = SSL_accept (ssl); // Must I make SSL connection startup manually?
int ret;
ret = recv(sd, buf, 4000, 0);
ret = BIO_write(networkbio, buf, ret);
char buf2[4096];
ret = BIO_read(networkbio, buf2, 4000);
SSL_free(ssl);
BIO_free(networkbio);
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]