[openssl-users] Means to update read bio only
Matt Caswell
matt at openssl.org
Sat Feb 7 14:33:40 UTC 2015
On 06/02/15 21:46, Matt Caswell wrote:
>
>
> On 06/02/15 15:48, Susan Hinrichs wrote:
>> Hello,
>>
>> In Apache Traffic Server we are primarily using SSL_accept and
>> SSL_read/SSL_write with file descriptor bios.
>>
>> But during the handshake, we need to feed in our own packets via
>> read-only buffers. We use the BIO mem_buf to pass along this data
>> without incurring another copy. But on each read during the handshake,
>> we need to reset the read bio. We leave the write bio as the file
>> descriptor bio the whole time.
>>
>> I originally tried to use SSL_set_bio(ssl, new_rbio, SSL_get_wbio(ssl)),
>> but that would adjust the output buffering and the handshake would not
>> complete.
>>
>> So we created a SSL_set_rbio(ssl, new_rbio), that just frees the old
>> rbio and sets the new one. It leaves the wbio and the bbio alone.
>>
>> This has worked well for us for a couple releases, but looking forward
>> to openssl 1.1, we will no longer be able to use this approach. Can
>> someone point me to the preferred way of updating a read bio without
>> affecting the write bio processing?
>
>
> Hmmmm... that's a good question. I don't think you can set just the rbio
> by itself.
>
> I wonder if maybe we extended SSL_set_bio, so that you could do this:
>
> SSL_set_bio(s, rbio, NULL);
>
> I'll look into it.
>
> This would be a good item to add to Rich's wiki page.
>
I've just pushed a new commit to master (1.1.0), that adds SSL_set_rbio,
and SSL_set_wbio as new API functions along with some associated
documentation.
Matt
More information about the openssl-users
mailing list