> I'm trying to implement an eap-tls server using openssl and
> I've found only a few examples about using memory BIOs to
> perform a TLS handshake.
> Can you give me some pointers to documentation about this or
> to some examples?
>
> The code that I'm using is very simple:
>
> <openssl initialization>
> <...>
> SSL_set_accept_state(ssl);
>
> <when a packet is received>
> BIO_write(in_BIO, packet data, datalen);
> BIO_read(out_BIO, data, datalen);
> <send packet with data>
>
>
> Can this approach work?

Yes.

> Sometimes the read returns -1 (no data available), but
> it should give some data (e.g. the ServerHello).
> What am I missing?

What you're missing is that the OpenSSL engine is the boss of what to do
when. You have to do four things, and you must do each one when the OpenSSL
engine tells you to:

1) You must receive encrypted data from the other end and hand it to
OpenSSL.

2) You must take encrypted data from OpenSSL and send it to the other end.

3) You must take plaintext from the application and give it to OpenSSL to
encrypt.

4) You must take plaintext from OpenSSL and process it.

Do not ever assume that because you did 1, you will next do 4. This might
happen, but it might not. Assumptions will lead to deadlock.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]