> David
>
> can't understand
> "Incorrect. The 'SSL_write' function is the function to send
> unencrypted data over the SSL link. It has nothing to do with the
> encrypted data the SSL engine wants to write to the socket."
> When we do SSL_write the i/p is unencrypted data and this gets sent
>
David
can't understand
"Incorrect. The 'SSL_write' function is the function to send
unencrypted data over the SSL link. It has nothing to do with the
encrypted data the SSL engine wants to write to the socket."
When we do SSL_write the i/p is unencrypted data and this gets sent
over the SSL l
> > If you get a 'select' hit, whether for readability or writability, you
> > should retry *all* operations, whether reads or writes. (Obviously, don't
> > call SSL_write unless you have some data to write!)
> > Again, I also recommend trying an SSL_read on any hit, whether for
Original message
>Date: Tue, 22 Aug 2006 12:22:37 -0700
>From: "David Schwartz" <[EMAIL PROTECTED]>
>Subject: RE: Wrapping SSL_read/SSL_write so they behave like read/write.]
>To:
> You should 'select' for writability if and only if
> To answer my own question: No. Here is an amended version.
While I believe your code is okay, it can be improved in a few ways. It
contains some assumptions that are not always true, and it will work better
without those assumptions.
> > for(cp = connobjs; cp; cp = cp->next)
> >
Hello,
> >You may use select() but with some care.
> >Simplest way is to:
> > 1) wait on select()
> > 2) a read hit from the SSL descriptor occurs
> > 3) read incrementally with SSL_read() from that descriptor until
> > WANT_READ
> > (or in other words - get all data from SSL read buffer)
> > 4) go to se
Original message
>Date: Tue, 22 Aug 2006 15:00:46 +0200
>From: Marek Marcola <[EMAIL PROTECTED]>
>Subject: Re: Wrapping SSL_read/SSL_write so they behave like read/write.]
>To: openssl-users@openssl.org
>You may use select() but with some care.
>Simplest
On Tue, Aug 22, 2006 at 12:06:29PM -0400, Steven Young wrote:
> On Tue, Aug 22, 2006 at 03:00:46PM +0200, Marek Marcola wrote:
> > You may use select() but with some care.
> > Simplest way is to:
> > 1) wait on select()
> > 2) a read hit from the SSL descriptor occurs
> > 3) read incrementally with SSL
On Tue, Aug 22, 2006 at 03:00:46PM +0200, Marek Marcola wrote:
> You may use select() but with some care.
> Simplest way is to:
> 1) wait on select()
> 2) a read hit from the SSL descriptor occurs
> 3) read incrementally with SSL_read() from that descriptor until
> WANT_READ
> (or in other words - g
Do something like this for a SSL_read() and something very similar for
SSL_write() and SSL_shutdown(), etc. (I'm assuming non-blocking sockets):
-
totalbytesread=0;
stop='n';
unsigned
Hello,
> Pardon me, I think I'm a little thick today. I get what you're
> all saying but I'm still not 100% sure of how this should be applied.
> Here's the program flow, without SSL:
>
> while(!quit) {
> for(i in all file descriptors) {
> if(we have something buffered up to say to the s
Apologies if this is a duplicate; I was messing around with my e-mail
yesterday and it was broken for a while. I didn't see this go through.
On Sun, Aug 20, 2006 at 06:54:36PM -0400, Joe Flowers wrote:
> It means call exactly the same SSL function you just did with the exact
> same paramete
> If you get SSL_ERROR_WANT_WRITE, even if you have no application data
> to send, the protocol itself requires data to be written
Correct.
> -- so you
> need to call SSL_write().
Incorrect. The 'SSL_write' function is the function to send unencrypted
data over the SSL link. I
> Encapsulated SSL data comes in records/packets. When you select()
> some descriptor for read, and select() gives you such a hit, you start
> reading data from SSL buffers. And now we may have some problems.
> If you retry SSL_read() until you get WANT_READ then
> you will get all data fro
Joe Flowers wrote:
It means the exactly same SSL function you just did with the exact
same parameters as you just did that produced this SSL_ERROR_WANT_WRITE
return. Again, it's clearly explained in the docs.
Joe
Good grief. Pardon my grammar.
The sentence should have read:
It means call exa
I wouldn't advise that. Read the docs:
"When calling |SSL_write()| with num=0 bytes to be sent the behaviour is
undefined."
I still stand by my first reply on this thread, as I believe it follows
directly from the docs.
Read the docs on SSL_read() and SSL_write().
SSL_ERROR_WANT_WRITE does n
If you get SSL_ERROR_WANT_WRITE, even if you have no application data
to send, the protocol itself requires data to be written -- so you
need to call SSL_write(). If you get SSL_ERROR_WANT_READ, even if
you're writing application data, that means that the protocol itself
is requiring data to be r
Hello,
> On Sun, Aug 20, 2006 at 07:46:26PM +0200, Marek Marcola wrote:
> > I forgot to draw your attention to another problem that may appear
> > with code like:
> >
> > do {
> > ret = SSL_read(sslobject, buf, bufsz);
> > err = SSL_get_error(sslobject, ret);
> > } while (ret <= 0 && (
On Sun, Aug 20, 2006 at 07:46:26PM +0200, Marek Marcola wrote:
> I forgot to draw your attention to another problem that may appear
> with code like:
>
> do {
> ret = SSL_read(sslobject, buf, bufsz);
> err = SSL_get_error(sslobject, ret);
> } while (ret <= 0 && (err == SSL_ERROR_WANT_R
Hello
> On Sat, Aug 19, 2006 at 11:58:27PM +0200, Marek Marcola wrote:
> > In this situation calling SSL_read() next time is enough
> > (SSL layer will continue to write its own data and after this
> > read real data) but this SSL_read() should be performed
> > when socket descriptor is ready fo
> I'm a little unclear on how this should be implemented.. so if I call
> SSL_read, get -1 back, and err = SSL_ERROR_WANT_READ, do I just call
> SSL_read again?
No. That error is telling you that you need to wait until the socket is
(again) readable.
> Because that's what I've been doing
On Sat, Aug 19, 2006 at 11:58:27PM +0200, Marek Marcola wrote:
> In this situation calling SSL_read() next time is enough
> (SSL layer will continue to write its own data and after this
> read real data) but this SSL_read() should be performed
> when socket descriptor is ready for write now.
Hello,
> > You should change loop ending condition - this loop should end
> > when SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE occurs because
> > these errors may be returned on non-blocking sockets on SSL_read()
> > and on SSL_write(). On normal use this will happen mostly where
> > re-handshake is
On Sat, Aug 19, 2006 at 05:44:35PM -0400, Steven Young wrote:
> You're right; I don't want blocking behaviour. The non-SSL part
> of the code solves this by select()ing on the readable file descriptors
> and only calling read() when there is something to be read.
To give you an idea of what's
On Sat, Aug 19, 2006 at 10:27:52PM +0200, Marek Marcola wrote:
> I'm not sure if this is a good solution because this will give
> you semi-blocking behaviour (we are only in non-blocking wrapper
> and checking for read/write is done by select() in "upper" layer).
You're right; I don't want blockin
Hello,
> You need to put select(ready to read or write) inside each (BOTH
> SSL_read() and SSL_write()) of your while loops at the beginning, and
> then cycle on WANT_READ or WANT_WRITE for BOTH SSL_read() and
> SSL_write() loops.
>
> You're getting high utilization because you are not putting
Steve,
You need to put select(ready to read or write) inside each (BOTH
SSL_read() and SSL_write()) of your while loops at the beginning, and
then cycle on WANT_READ or WANT_WRITE for BOTH SSL_read() and
SSL_write() loops.
You're getting high utilization because you are not putting select
i
27 matches