Re: Wrapping SSL_read/SSL_write so they behave like read/write.

Sat, 19 Aug 2006 13:01:53 -0700 

Steve,
You need to put select(ready to read or write) inside each (BOTH SSL_read() and SSL_write()) of your while loops at the beginning, and then cycle on WANT_READ or WANT_WRITE for BOTH SSL_read() and SSL_write() loops. 


You're getting high utilization because you are not putting select 
inside the while loops.


Joe



Steven Young wrote:

  Hello,

  I'm writing a program which can be compiled either with SSL support or
without.  In order to limit the amount of #ifdef'ing I have to put
throughout the rest of my program, I'm trying to wrap SSL_read and
SSL_write so they can be treated like read/write on a regular socket.

  This is not meeting with much success.

  In the non-SSL case, I do connect(), set it nonblocking, and start
select()ing on the fd(s) that I have connected to.  This works okay.

  In the SSL case, I connect(), create a new context with SSL_new,
set it nonblocking, do SSL_set_fd, then do

 
  int ret;

  [...]
  do {
    ret = SSL_connect(sslobject);

    if(ret != 1) 
      err = ERR_get_error();
  } while (ret != 1 && (err == SSL_ERROR_WANT_READ || 
                           err == SSL_ERROR_WANT_WRITE));


  This part also seems to work okay.

  The part where everything falls apart is in my read/write wrappers.
They look like this:

  read_wrapper:
  [...]
  do {
    ret = SSL_read(sslobject, buf, bufsz);
    err = SSL_get_error(sslobject, ret);
  } while (ret <= 0 && (err == SSL_ERROR_WANT_READ));


  my write_wrapper looks pretty much the same, except s/read/write/, 
s/READ/WRITE/.  


  This and variations on these themes have given me a number of novel
results, such as the read loop eating 100% CPU time as SSL_read starts
to always return ret = -1 and error = SSL_ERROR_WANT_READ.  SSL_write
seems to be behaving a bit better.  I am mystefied as to why select()
would mark the fd as ready to read, and yet SSL_read returns nothing,
resulting in a 100% CPU loop.

  Is there some other way I should be doing this? I have tried putting


  if(ret <= 0 && (err == SSL_ERROR_WANT_WRITE)) 
    SSL_write(sslobject, NULL, 0):


  in my read loop after the err = ... statement, but it didn't do

anything.  


  If anybody can make any suggestions, or even point me to an example
of how this should be done, I would be much obliged.  Is there an
IRC channel for OpenSSL support?

  Thanks,
  Steve.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]




______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]






















					Reply via email to