The SSL socket and the raw socket are not two different physical descriptors. By using SSL_set_fd you are merely associating the file descriptor with the higher level SSL protocol. SSL needs the physical socket you created to do its own I/O on.
My application (previously non-SSL enabled, we added SSL to it) has exactly the same configuration: a socket produced by a regular socket() or accept() call, which is then linked to an SSL session. But the original descriptor must not be closed, as far as I know.

You could do some encapsulation of the socket descriptor and the SSL session. Or: you don't have to remember the socket descriptor until close time: you can use the SSL_get_fd() call to retrieve the descriptor at that time; then you call close() with the retrieved value. I haven't tried this but it looks like it will work.

Like perhaps:

    newSocket = accept();
    newSSLSocket = NewSSLSocket();
    SSL_set_fd( newSSLSocket, newSocket );
    ....
    .....
    do stuff with SSL socket
    s = SSL_get_fd( newSSLSocket );
    SSL_shutdown( newSSLSocket );
    close( s );

Dave

Dave McLellan -- Consulting Software Engineer - SPEA Engineering
EMC Corporation
228 South St. Mail Stop: 228 LL/AA-24
Hopkinton, MA 01748 USA
+1-508-249-1257 F: +1-508-497-8030
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Perry L. Jones
Sent: Friday, November 18, 2005 10:09 AM
To: openssl-users@openssl.org
Subject: SSL_set_fd Question

Hello,

In my code I have a normal socket and I am using SSL_set_fd to turn it into an SSL socket. After I have made it an SSL socket I no longer need or want the original socket. I have tried closing it after the SSL_set_fd but this makes the SSL socket no good.

What I want is to have only one socket reference to manage and close when my process is done. I don't want to keep track of both the normal socket and the SSL socket for closing in the end. I have tried closing the SSL socket after it has been set but this does not close the original socket.

Currently working code flow:

    newSocket = accept();
    newSSLSocket = NewSSLSocket();
    SSL_set_fd( newSSLSocket, newSocket );
    ....
    .....
    do stuff with SSL socket
    SSL_shutdown( newSSLSocket );
    close( newSocket );

I would like a flow like this if possible (this flow does not work; I am not allowed to close the original socket):

    newSocket = accept();
    newSSLSocket = NewSSLSocket();
    SSL_set_fd( newSSLSocket, newSocket );
    close( newSocket );
    ....
    .....
    do stuff with SSL socket
    SSL_shutdown( newSSLSocket );

I would welcome any suggestions.

Thanks,
Perry

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                               [EMAIL PROTECTED]