SSL_read() fails when using manually managed buffers

Viktor Dukhovni openssl-users at dukhovni.org
Wed Jan 4 16:15:20 UTC 2023


On Wed, Jan 04, 2023 at 07:55:14AM -0800, Christian Mazakas wrote:

> I'm using manually managed BIO pairs.

You've not understood how to use these.  With bio_pair plumbing, all
SSL_read/SSL_write operations eventually trigger SSL_ERROR_WANT_READ or
SSL_ERROR_WANT_WRITE errors, indicating that the the external side of
the BIO pair is empty or full.  *You* then have to explicitly fill or
drain the buffer, reading data from the peer or sending data to the
peer.

You can't connect the server SSL handle and client SSL handle to the
same bio pair.  They each need their own, and you'll need a loop copying
data between them.

Note also that an SSL_read() may generate also WANT_WRITE events, and
SSL_write() may generate WANT_READ events.  Your "fake" I/O loop needs
to handle any eventuality.

-- 
    Viktor.


More information about the openssl-users mailing list