[EMAIL PROTECTED] writes:
> I'm trying to write a tiny SSL webserver.  It would really
> help to have an example of how to set up and use non-blocking
> SSL calls with a select statement or similar.  The problem
> here is implementing CGI: the CGI script wants normal I/O
> through normal file descriptors, and I see that it's my
> job to do SSL_read and copy the result into that file
> descriptor, and copy output from the CGI script into SSL_write.
> 
> I need to select() on the CGI process's output pipe, and the
> SSL input pipe, and service requests as they come in.
The sample code from my book on SSL includes a program that
uses select() on the terminal and on the SSL input pipe, which
is a pretty isomorphic problem. You can download it at:

        http://www.rtfm.com/sslbook/examples/

> Does the underlying BIO interface mean if I do a fcntl
> O_NONBLOCK on the NS (network socket) that SSL will somehow
> figure that out? 
Yes. The errors bubble up the stack to the SSL library.

> Maybe a new call: SSL_select($ssl,$readfds,$writefds,$exceptfds,$timeout)
> what it might do internally is do a select on the ssl network
> socket read and the rest of the $readfds, but loop around and
> try again if the network socket read didn't complete a pending
> SSL_read? 
You could do this, but it would interfere with other pieces
of software that want to run the event loop (X programs, for
instance, often want to).

> Can SSL writes not be similarly monitored,
> they can just be set as nonblocking?
The basic problem you're facing is that SSL reads and writes must
happen at record boundaries, so, for instance, just because there's
data on the pipe doesn't mean that an entire record is ready to read.
Your program really has to be prepared to handle the situation where
even though select() says things are ready, they're not.  There's
pretty extensive discussion of the details of using select() with
OpenSSL in Chapter 8 of my book, which also (of course) includes
extensive documentation of the aforementioned sample code.

-Ekr

[Eric Rescorla                                   [EMAIL PROTECTED]]
Author of "SSL and TLS: Designing and Building Secure Systems"
                  http://www.rtfm.com/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
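
The record-boundary point made in the reply above, as an added example that is not part of the original message or of the book's sample code: a socketpair stands in for the network socket, and the record bytes and function names are constructed for illustration. It shows select() reporting the socket readable while a whole record has not yet arrived, which is the case OpenSSL reports from SSL_read as SSL_ERROR_WANT_READ.

```c
#include <stddef.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bytes still missing before one whole TLS record (5-byte header plus body)
 * is buffered. 0 means the record is complete and could be decrypted. */
size_t record_bytes_missing(const unsigned char *buf, size_t have) {
    if (have < 5) return 5 - have;              /* header itself is partial */
    size_t total = 5 + (((size_t)buf[3] << 8) | buf[4]);
    return have >= total ? 0 : total - have;
}

/* 1 if a zero-timeout select() reports fd readable, else 0. */
int fd_readable(int fd) {
    fd_set r;
    struct timeval tv = {0, 0};
    FD_ZERO(&r);
    FD_SET(fd, &r);
    return select(fd + 1, &r, NULL, NULL, &tv) == 1;
}

/* Constructed sample: type 0x17 (application data), version 3.3, length 8. */
static const unsigned char sample_record[13] = {
    0x17, 0x03, 0x03, 0x00, 0x08, 1, 2, 3, 4, 5, 6, 7, 8};

/* The peer sends the record in two pieces (`first` bytes, then the rest).
 * Before each read we ask select(); after each read we record how many
 * bytes the record still lacks. Returns 0 on success, -1 on error. */
int demo_split_record(size_t first, int readable[2], size_t missing[2]) {
    unsigned char buf[sizeof sample_record];
    size_t have = 0, sent = 0, chunk = first;
    int sv[2], rc = -1;
    if (first == 0 || first >= sizeof sample_record) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    for (int i = 0; i < 2; i++) {
        if (write(sv[1], sample_record + sent, chunk) != (ssize_t)chunk) goto out;
        sent += chunk;
        readable[i] = fd_readable(sv[0]);       /* "ready" per select() */
        ssize_t n = read(sv[0], buf + have, sizeof buf - have);
        if (n <= 0) goto out;
        have += (size_t)n;
        missing[i] = record_bytes_missing(buf, have); /* >0: go back to select() */
        chunk = sizeof sample_record - sent;
    }
    rc = 0;
out:
    close(sv[0]);
    close(sv[1]);
    return rc;
}
```

With the record split after 9 bytes, the first pass has select() saying "readable" while 4 bytes are still missing, so an event loop has to return to select() instead of assuming application data is available.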
