Okay, u r writing the client, so you need to do connect, now ssl_connect is going to do the complete SSL handshake, which involves multiple read and writes, now since you are using memory bios, ssl connect is going to read from the r_membio and write into the w_membio. The data has to go out the tcp fd you have created and connected with the server. So its ur duty to take data out the w_membio and do a tcp_send(). That is what I meant by saying "write". Application data transfer may be initiated by your server once the ssl connect is thro. There are apis which tell if ssl connect is completed and ssl connect itself will return ssl_success, until then u will be getting the want_read and want_write error codes, so your state machine would be in the "connect pending" state until ssl connect returns success. Please understand that SSL_Connect itself will be called multiple times in the asyn architecture.
BTW if the protocol nego has failed, perhaps you need to see what the server supports, maybe it understands only tls and not sslv3 etc. thanks --Gayathri On Wed, May 25, 2011 at 10:12 AM, Harshvir Sidhu <hvssi...@gmail.com> wrote: > Thanks Gayatri. > This is what i am doing, but i dont have any buffer to send initially, my > data transfer start from server side. > What i was doing is, calling SSL_connect after initialization and then in > the socket read and write code, i was doing encrypt and decrypt accordingly, > but the very first moment i send data to s_server, it gives error, "unknown > protocol" > Thanks. > > // Harshvir > On Wed, May 25, 2011 at 10:02 AM, Gayathri Sundar <suraj...@gmail.com>wrote: > >> So finally u have agreed to my initial suggestion of state machines :) >> >> The basic steps in terms of am algorithm are as follows >> >> A. Create the ssl ctx and ssl. Obj >> B. Create a pair of memory bios and attach them to the ssl obj, one is >> for read and the other is for write. >> C. Create the tcp fds and complete the tcp handshake >> D. Once tcp connect is done, u have an fd on which u receive and send >> data >> E. Initialize ur state machine for ssl connect pending >> F. Take the buffer to be sent, copy it to the memory write bio, >> encrypt it using ssl connect, then do a tcp send >> G. While still connect pending, do tcp read, copy to read bio, call >> ssl connect to decrypt. >> >> Thanks >> --Gayathri >> >> On Wednesday, May 25, 2011, Harshvir Sidhu <hvssi...@gmail.com> wrote: >> > Hi, >> > I am trying to implement State Machine based on the demo application, >> that is a server code. >> > Like i am writting the client side. >> > So when i try to do handshake, by calling SSL_connect, which i have >> used memory bios, after that i check for data available, and then i read >> data and send to server, on server side i am getting error. >> > >> > 180:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown >> protocol:.\ssl\s23_srvr.c:584: shutting down SSL >> > >> > My question is which is a good place to do handshake in case we use >> state machine, i am doing just after initializing ctx and ssl, and then i >> send data 1 time and in performing rest of operations in my receive >> callback, but s_server give me error on first packet only. >> > >> > >> > Thanks. >> > >> > // Harshvir >> > >> > 2011/5/25 Michael Ströder <mich...@stroeder.com> >> > >> > Eric S. Eberhard wrote: >> > or ... keep it simple and at least consider using stunnel. >> > >> > I use stunnel myself in some situations. It's a great tool. >> > >> > But bear in mind that the application then has no access to >> authentication information of the SSL layer. >> > >> > Ciao, Michael. >> > >> > >> > >> > ______________________________________________________________________ >> > OpenSSL Project http://www.openssl.org >> <http://www.openssl.org/> >> > User Support Mailing List openssl-users@openssl.org >> > Automated List Manager majord...@openssl.org >> > >> > >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List openssl-users@openssl.org >> Automated List Manager majord...@openssl.org >> > >
