> From: owner-openssl-us...@openssl.org On Behalf Of Marcin Glogowski
> Sent: Tuesday, 08 May, 2012 09:18

> Hello,
> I have to write non blocking SSL/TLS server based on the 
> OpenSSL library.
> I couldn't find any example/tutorial with this.
> Please write me where can I find some client/server examples 
> or simple OpenSSL wrapper that make me able to do it.

The nonblocking code I have is in a private application.
There may well be a good wrapper but I don't have it.

> Is it possible to use  SSL_read/ SSL_write functions as non 
> blocking functions?

Yes, and SSL_connect, SSL_accept, etc. also.

> I found some examples based on BIO - do really have to do it this way?

All SSL_* connections actually use BIO, although it may be hidden.
You can either:

- create a connect-BIO or accept-BIO respectively, which actually 
creates a (connected) socket inside the BIO, and give that BIO to 
SSL_set_bio and it does I/O by calling the BIO which does socket I/O 

- create and open a socket (socket, connect, bind, listen, accept, etc.)
and create a socket-BIO which wraps the socket, and give that BIO to 
SSL_* and then same as above

- create and open a socket and call SSL_set_fd, which does exactly 
the above but a little more conveniently

- create some other kind of BIO(s), like a BIO-pair, and give that/those 
to SSL_*. SSL_* does I/O by calling the BIO; you are responsible for 
(somehow) turning those into real socket I/Os. I'm not sure if BIO-pair 
does nonblocking (I don't use it), and any custom BIO is up to you.

If the socket in the BIO is nonblocking, set either by BIO_set_nbio 
or directly with fcntl or equivalent, then SSL_connect, read, write, etc. 
calls that would block instead return -1 and your code must call 
SSL_get_error which then returns SSL_WANT_READ or SSL_WANT_WRITE. 
You should then retry the SSL_* call at such time as the socket 
is readable or writable; commonly you check with poll() or select(). 
Note any SSL_* protocol call can do both read and write and your code 
must handle both; see the man page for SSL_get_error and related.

> My problem is I have to kill thread that operate with several 
> SSL connections gently without and the thread
> Can't be blocked by any function.

The above will do it.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
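
The retry pattern described in the reply, as an added example that is not part of the original message: it uses Python's standard `ssl` module, which wraps OpenSSL and reports the want-read and want-write conditions (`SSL_ERROR_WANT_READ` and `SSL_ERROR_WANT_WRITE` in the OpenSSL headers) as exceptions. The names `retry_nonblocking`, `demo` and the host name `peer.example` are assumptions made for this sketch, and the silent peer on a socketpair is a constructed scenario.

```python
import select
import socket
import ssl
import time


def retry_nonblocking(sock, op, deadline, should_stop=lambda: False, tick=0.05):
    """Run op() (do_handshake, recv, send, ...) on a nonblocking SSLSocket.

    Returns ("ok", result), ("stopped", None) or ("timeout", None).
    """
    while True:
        try:
            return "ok", op()
        except ssl.SSLWantReadError:       # OpenSSL: SSL_ERROR_WANT_READ
            rlist, wlist = [sock], []
        except ssl.SSLWantWriteError:      # OpenSSL: SSL_ERROR_WANT_WRITE
            rlist, wlist = [], [sock]
        # Wait in short ticks so the thread can notice a stop request
        # instead of sitting inside one long select().
        while True:
            if should_stop():
                return "stopped", None
            if time.monotonic() >= deadline:
                return "timeout", None
            readable, writable, _ = select.select(rlist, wlist, [], tick)
            if readable or writable:
                break                      # socket is ready: retry the same call


def demo(should_stop=lambda: False):
    """Constructed scenario: a TLS client whose peer never answers."""
    client_raw, silent_peer = socket.socketpair()
    client_raw.setblocking(False)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # verification stays enabled
    tls = ctx.wrap_socket(client_raw, server_hostname="peer.example",
                          do_handshake_on_connect=False)
    status, _ = retry_nonblocking(tls, tls.do_handshake,
                                  time.monotonic() + 0.3, should_stop)
    # The first handshake call already wrote the ClientHello before it
    # reported "want read"; 0x16 is the TLS handshake record type.
    first_record_type = silent_peer.recv(5)[0]
    tls.close()
    silent_peer.close()
    return status, first_record_type


if __name__ == "__main__":
    print(demo())
```

The same wrapper serves `tls.recv` and `tls.send`, since either call can raise either exception during a renegotiation or a TLS 1.3 key update.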
