[openssl-users] Getting the retry reason for a "failed" BIO_write/BIO_read

Ajay Garg ajaygargnsit at gmail.com
Mon Oct 10 09:17:54 UTC 2016


On Mon, Oct 10, 2016 at 1:31 PM, Viktor Dukhovni <openssl-users at dukhovni.org
> wrote:

>
> > On Oct 10, 2016, at 3:52 AM, Ajay Garg <ajaygargnsit at gmail.com> wrote:
> >
> > If(BIO_should_read(socket->ssl_bio) != 0)
> >
> > If(BIO_should_write(socket->ssl_bio) != 0)
>
> In Postfix, we don't bother with the application layer ssl_bio,
> and just do SSL_read()/SSL_write() directly.  You only need this
> if you specifically want a BIO API to SSL.
>
> > With this, I could get the entire end-to-end workflow to work !!!!
>
> You might not be done yet.  Is the client verifying the server
> certificate including name checks?  Just doing TLS, without
> certificate checks, only protects against passive attacks.
>

Thanks Viktor.

I will add this "enhancement", once I complete the code, in a manner that
is portable across "any" device.
Please expect a few questions from me on other threads :P


Thanks and Regards,
Ajay

>
> --
>         Viktor.
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>



-- 
Regards,
Ajay
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20161010/490d6a0a/attachment.html>


More information about the openssl-users mailing list