[openssl-users] Means to update read bio only

Susan Hinrichs shinrich at ieee.org
Mon Feb 9 15:15:00 UTC 2015


On 2/7/2015 8:33 AM, Matt Caswell wrote:
>
> On 06/02/15 21:46, Matt Caswell wrote:
>>
>> On 06/02/15 15:48, Susan Hinrichs wrote:
>>> Hello,
>>>
>>> In Apache Traffic Server we are primarily using SSL_accept and
>>> SSL_read/SSL_write with file descriptor bios.
>>>
>>> But during the handshake, we need to feed in our own packets via
>>> read-only buffers.  We use the BIO mem_buf to pass along this data
>>> without incurring another copy.  But on each read during the handshake,
>>> we need to reset the read bio.  We leave the write bio as the file
>>> descriptor bio the whole time.
>>>
>>> I originally tried to use SSL_set_bio(ssl, new_rbio, SSL_get_wbio(ssl)),
>>> but that would adjust the output buffering and the handshake would not
>>> complete.
>>>
>>> So we created a SSL_set_rbio(ssl, new_rbio), that just frees the old
>>> rbio and sets the new one.  It leaves the wbio and the bbio alone.
>>>
>>> This has worked well for us for a couple releases, but looking forward
>>> to openssl 1.1, we will no longer be able to use this approach.  Can
>>> someone point me to the preferred way of updating a read bio without
>>> affecting the write bio processing?
>>
>> Hmmmm... that's a good question. I don't think you can set just the rbio
>> by itself.
>>
>> I wonder if maybe we extended SSL_set_bio, so that you could do this:
>>
>> SSL_set_bio(s, rbio, NULL);
>>
>> I'll look into it.
>>
>> This would be a good item to add to Rich's wiki page.
>>
> I've just pushed a new commit to master (1.1.0), that adds SSL_set_rbio,
> and SSL_set_wbio as new API functions along with some associated
> documentation.
>
> Matt

Great!  Thanks for the addition.  I'll take it for a spin.

>
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



More information about the openssl-users mailing list