Wrapping SSL_read/SSL_write so they behave like read/write.

Sat, 19 Aug 2006 12:54:13 -0700 

  Hello,

  I'm writing a program which can be compiled either with SSL support or
without.  In order to limit the amount of #ifdef'ing I have to put
throughout the rest of my program, I'm trying to wrap SSL_read and
SSL_write so they can be treated like read/write on a regular socket.

  This is not meeting with much success.

  In the non-SSL case, I do connect(), set it nonblocking, and start
select()ing on the fd(s) that I have connected to.  This works okay.

  In the SSL case, I connect(), create a new context with SSL_new,
set it nonblocking, do SSL_set_fd, then do
 
  int ret;
  [...]
  do {
    ret = SSL_connect(sslobject);
    if(ret != 1) 
      err = ERR_get_error();
  } while (ret != 1 && (err == SSL_ERROR_WANT_READ || 
                           err == SSL_ERROR_WANT_WRITE));

  This part also seems to work okay.

  The part where everything falls apart is in my read/write wrappers.
They look like this:

  read_wrapper:
  [...]
  do {
    ret = SSL_read(sslobject, buf, bufsz);
    err = SSL_get_error(sslobject, ret);
  } while (ret <= 0 && (err == SSL_ERROR_WANT_READ));

  my write_wrapper looks pretty much the same, except s/read/write/, 
s/READ/WRITE/.  

  This and variations on these themes have given me a number of novel
results, such as the read loop eating 100% CPU time as SSL_read starts
to always return ret = -1 and error = SSL_ERROR_WANT_READ.  SSL_write
seems to be behaving a bit better.  I am mystefied as to why select()
would mark the fd as ready to read, and yet SSL_read returns nothing,
resulting in a 100% CPU loop.

  Is there some other way I should be doing this? I have tried putting

  if(ret <= 0 && (err == SSL_ERROR_WANT_WRITE)) 
    SSL_write(sslobject, NULL, 0):

  in my read loop after the err = ... statement, but it didn't do
anything.  

  If anybody can make any suggestions, or even point me to an example
of how this should be done, I would be much obliged.  Is there an
IRC channel for OpenSSL support?

  Thanks,
  Steve.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to