> Basically, I don't really want any calls to require more than a
> context that needs to be maintained - I don't want to hand my data off
> to the API and have to come back to it at some arbitrary later time,
> having it buffered and/or queued by mechanisms built into the openssl
> api.  I expect the API to do one thing and one thing only:  provide me
> the necessary information to handle an SSL connection.  Not handle it
> for me.
>
> Not sure if I'm asking this well...
>
> -Aaron

Unfortunately, that's not really possible. The SSL protocol is not simple
enough to be implemented that way, and in any event, OpenSSL doesn't do
that.

What OpenSSL will give you is a black box with four 'hooks'. When you read
encrypted data from the socket, you can put it on one of the four hooks.
There is a hook on which you can find encrypted outbound data which you can
then write to the socket. There is another hook on which you can find
decrypted application data. And lastly, there is a hook on which you can put
plaintext to be encrypted and sent.

The less you try to look inside the OpenSSL black box, in my experience, the
better. Think of these as four independent data streams. You push and pull
encrypted data between the socket and the two encrypted hooks to make the
SSL engine go, and then you can use the two decrypted hooks much like a TCP
connection.

DS

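The four hooks DS describes, driven end to end, as an added example that is not part of the original thread. Python's ssl.MemoryBIO and SSLObject sit directly on top of OpenSSL's memory BIOs and SSL_read/SSL_write, so the same push/pull model applies; the hostname example.test and the sock_recv/sock_send callables standing in for a real socket are assumptions for the demonstration.

```python
"""The four 'hooks' from the reply, driven with Python's ssl.MemoryBIO and
SSLObject, which sit directly on top of OpenSSL memory BIOs and SSL_read/SSL_write."""
import ssl


def make_engine(ctx, server_hostname=None, server_side=False):
    """Build an engine plus its two encrypted hooks.  The engine never touches a
    socket: the caller shuttles bytes between the socket and these two hooks and
    uses sslobj.read()/sslobj.write() as the two plaintext hooks."""
    incoming = ssl.MemoryBIO()  # hook 1: ciphertext received from the socket goes in here
    outgoing = ssl.MemoryBIO()  # hook 2: ciphertext to send on the socket comes out here
    sslobj = ctx.wrap_bio(incoming, outgoing, server_side=server_side,
                          server_hostname=server_hostname)
    return sslobj, incoming, outgoing


def drive(op, incoming, outgoing, sock_recv, sock_send, *args):
    """Run one engine operation (do_handshake, read, write, unwrap) to completion.
    Whenever the engine wants more ciphertext, flush what it has queued, pull more
    from sock_recv() and retry; sock_recv() returning b'' means the peer hung up."""
    while True:
        try:
            result = op(*args)
        except ssl.SSLWantReadError:
            queued = outgoing.read()
            if queued:
                sock_send(queued)
            data = sock_recv()
            if data:
                incoming.write(data)
            else:
                incoming.write_eof()  # next op() call raises an ssl.SSLError
            continue
        queued = outgoing.read()
        if queued:
            sock_send(queued)
        return result


def client_hello(hostname="example.test"):  # hostname is a constructed placeholder
    """First client handshake step with no socket at all: the engine parks its
    ClientHello on the outgoing hook and signals that it now needs input."""
    ctx = ssl.create_default_context()
    sslobj, incoming, outgoing = make_engine(ctx, server_hostname=hostname)
    try:
        sslobj.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: nothing from the peer yet
    return outgoing.read()  # the bytes a caller would now write to the socket
```

The same drive() loop serves the server side once its context has a certificate loaded; only the socket callables and server_side=True change.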

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org