Hi , my application can not use the socket calls . The data would be fed to the application directly by a sniffer. Hence socket based calls should not be used in our application. Hence I guess BIO calls abstracted over the memory buffer need to be used for our application. (the application has code derived from the OpenSSL. ). Am i right? And I find the statments such as SSL_write(con,&(buf[l]),(unsigned int)i) in the OpenSSL code. But now con is just a conncetion object. It is not even attached to the socket. So how does SSL_write ensure that the SSL data is transferred to the server? If you could give me the secuence that happens when SSL_write / SSL_read is called and BIO_read/BIO write is called it would be of great help to me. ie how the data flows from the client to the SSL session and then to the socket and then received at the server - if you could give me the secquence of all this, it would help me greatly in understanding the OpenSSL bio objects.
Regards, Prashanth On Thu, Sep 25, 2008 at 9:13 AM, David Schwartz <[EMAIL PROTECTED]>wrote: > > > I am new to the OpenSSL environment. I would like to know from > > the experts here about the BIO_read and BIO_write and the > > SSL_read and SSL_write. > > The BIO_read and BIO_write functions read from or write to a BIO, which is > an abstraction for a buffered I/O object. The SSL_read and SSL_write > functions read from or write to an SSL connection. > > While there is some overlap between their capabilities, generally you > should > choose the function that best reflects which of these things you're trying > to do. > > > After a BIO object is created and associated with the i/o, > > only BIO_read and BIO_write may be used. > > Once you associate a BIO object that represents a network connection with > an > SSL session, you wouldn't want to read or write from that BIO object > directly. That would mess up the SSL connection. > > > However why is that the SSL_read and SSL_write are still used even > > after the creation of BIO and after it is associated with a socket? > > To read and write to the SSL connection. You don't want to read from the > socket, that would screw up the SSL connection that's trying to do exactly > that. > > > Actually my intention is to replace the socket dependent calls > > totally from the OpenSSL and replace them with the buffer based > > calls. Is this possible? > > It's not clear what you mean. An SSL connection has two halves. There's the > "application<-> SSLengine" part and the "SSLEngine <-> Socket" part. Which > part are you talking about? If the "SSL Engine <-> Socket" part, then BIO > pairs is probably what you want. > > > I understand here that socket dependent calls are the > > SSL_read and SSL_write. > > No. SSL_read and SSL_write churn the SSL engine. This may or may not cause > the SSL engine to make calls to BIO_read and BIO_write the underlying > socket > BIOs. > > > And BIO_read and BIO_write are buffer based calls? > > Yes. > > > How the BIO_read and SSL_read are related? > > They both read from a stream-like thing. > > DS > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] >
