Hello Victor,

Just want to clarify. Should the complete code look like this?

ctx = SSL_ctx_new();
myssl = SSL_new(ctx);
BIO_new_bio_pair(app_bio, 0, net_bio, 0);
SSL_set_bio(myssl, app_bio, app_bio);

n = SSL_write(myssl, buffer, len);
err = SSL_get_error(myssl, n);

BIO_read(net_bio, buf, size); /* encrypted */
write(fd, buf, size);

Sorry, I am not experienced in SSL programming, and I need to be explicit on the example.

Thanks
--Andrew

2009/5/28 Victor Duchovni <victor.ducho...@morganstanley.com>:
> On Thu, May 28, 2009 at 02:48:34PM -0400, Aaron Wiebe wrote:
>
>> On Tue, May 26, 2009 at 5:27 PM, Victor Duchovni
>> <victor.ducho...@morganstanley.com> wrote:
>> > On Tue, May 26, 2009 at 05:02:59PM -0400, Aaron Wiebe wrote:
>> >
>> >> >> You're looking for a BIO_s_mem.
>> >> >
>> >> > No, he is looking for BIO_new_bio_pair(3) and SSL_set_bio(3).
>>
>> So, apologies for hammering this down, but I'm still a little fuzzy
>> and the documentation is lacking..
>>
>> This would be in theory how to perform this work:
>>
>> ctx = SSL_ctx_new();
>> myssl = SSL_new(ctx);
>> BIO_new_bio_pair(app_bio, 0, net_bio, 0);
>> SSL_set_bio(myssl, app_bio, app_bio);
>>
>> Now, for a write sequence...
>>
>> BIO_write(app_bio, buffer, len); /* unencrypted */
>
>
> NO! You call
>
> n = SSL_write(myssl, buffer, len);
> err = SSL_get_error(myssl, n);
>
> "err" may be SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, in which case
> you must retry the write again later, after there is room.
>
> On success (n>=0), or with WANT_READ/WANT_WRITE, arrange to move data from
> the network bio to the peer and from the peer to the network bio. This
> activity may be asynchronous if you are using non-blocking sockets with
> select/epoll/... in an event loop. In that case you mark the socket for
> read/write interest with appropriate callbacks.
>
>> BIO_read(net_bio, buf, size); /* encrypted */
>> write(fd, buf, size);
>>
>> and the same in reverse:
>>
>> len = recv(fd, &buf, size);
>> BIO_write(net_bio, buf, len);
>> len = BIO_read(app_bio, buffer, size);
>
> No. SSL is not a pipe, it is a state machine with 4 I/O ports.
>
> --
> Viktor.
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-us...@openssl.org
> Automated List Manager majord...@openssl.org
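The write sequence Victor describes (SSL_write, check SSL_get_error for WANT_READ/WANT_WRITE, then shuttle ciphertext between the network BIO and the socket), shown as an added example that is not part of this thread, using Python's ssl.MemoryBIO, the stdlib equivalent of an OpenSSL BIO pair, so it runs without a server. The "socket" is a constructed bytearray, and the client context, helper names and status strings are this example's own.

```python
import ssl

def make_client():
    """Attach a client-side SSLObject to a BIO pair instead of a socket."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Constructed example only: there is no peer to verify, so verification is off.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    net_in = ssl.MemoryBIO()   # ciphertext from the socket into the SSL object
    net_out = ssl.MemoryBIO()  # ciphertext from the SSL object toward the socket
    tls = ctx.wrap_bio(net_in, net_out, server_side=False)
    return tls, net_in, net_out

def ssl_write(tls, data):
    """SSL_write plus SSL_get_error: ('ok', n) or a WANT_* status to retry later."""
    try:
        return ("ok", tls.write(data))
    except ssl.SSLWantReadError:
        return ("want_read", 0)   # feed net_in from the socket, then retry
    except ssl.SSLWantWriteError:
        return ("want_write", 0)  # drain net_out to the socket, then retry

def ssl_read(tls, size):
    """SSL_read with the same WANT_* mapping as ssl_write."""
    try:
        return ("ok", tls.read(size))
    except ssl.SSLWantReadError:
        return ("want_read", b"")

def flush_to_socket(net_out, sock_buf):
    """Like BIO_read(net_bio, ...) followed by write(fd, ...): move ciphertext out."""
    chunk = net_out.read()
    sock_buf.extend(chunk)
    return len(chunk)

def feed_from_socket(net_in, data):
    """Like recv(fd, ...) followed by BIO_write(net_bio, ...): move ciphertext in."""
    return net_in.write(data)

def demo():
    tls, net_in, net_out = make_client()
    wire = bytearray()  # constructed stand-in for the TCP socket
    # Handshake has not run yet, so the first SSL_write asks for input (WANT_READ)
    # while leaving the ClientHello in net_out: two of the four I/O ports in use.
    status, _ = ssl_write(tls, b"hello")
    sent = flush_to_socket(net_out, wire)
    # Nothing has come back from the peer, so reading also yields WANT_READ.
    rstatus, _ = ssl_read(tls, 1024)
    return status, sent, bytes(wire[:1]), rstatus
```

The first byte left on the wire is 0x16, the TLS handshake record type: the ClientHello that SSL_write produced while reporting WANT_READ.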