[openssl-users] Means to update read bio only

Matt Caswell matt at openssl.org
Fri Feb 6 21:46:32 UTC 2015



On 06/02/15 15:48, Susan Hinrichs wrote:
> Hello,
> 
> In Apache Traffic Server we are primarily using SSL_accept and
> SSL_read/SSL_write with file descriptor bios.
> 
> But during the handshake, we need to feed in our own packets via
> read-only buffers.  We use the BIO mem_buf to pass along this data
> without incurring another copy.  But on each read during the handshake,
> we need to reset the read bio.  We leave the write bio as the file
> descriptor bio the whole time.
> 
> I originally tried to use SSL_set_bio(ssl, new_rbio, SSL_get_wbio(ssl)),
> but that would adjust the output buffering and the handshake would not
> complete.
> 
> So we created a SSL_set_rbio(ssl, new_rbio), that just frees the old
> rbio and sets the new one.  It leaves the wbio and the bbio alone.
> 
> This has worked well for us for a couple releases, but looking forward
> to openssl 1.1, we will no longer be able to use this approach.  Can
> someone point me to the preferred way of updating a read bio without
> affecting the write bio processing?


Hmmmm... that's a good question. I don't think you can set just the rbio
by itself.

I wonder if maybe we extended SSL_set_bio, so that you could do this:

SSL_set_bio(s, rbio, NULL);

I'll look into it.

This would be a good item to add to Rich's wiki page.

Matt