<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Oct 10, 2016 at 2:47 PM, Ajay Garg <span dir="ltr"><<a href="mailto:ajaygargnsit@gmail.com" target="_blank">ajaygargnsit@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><span class="gmail-">On Mon, Oct 10, 2016 at 1:31 PM, Viktor Dukhovni <span dir="ltr"><<a href="mailto:openssl-users@dukhovni.org" target="_blank">openssl-users@dukhovni.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span><br>
> On Oct 10, 2016, at 3:52 AM, Ajay Garg <<a href="mailto:ajaygargnsit@gmail.com" target="_blank">ajaygargnsit@gmail.com</a>> wrote:<br>
><br>
> If(BIO_should_read(socket->ssl<wbr>_bio) != 0)<br>
><br>
> If(BIO_should_write(socket->ss<wbr>l_bio) != 0)<br>
<br>
</span>In Postfix, we don't bother with the application layer ssl_bio,<br>
and just do SSL_read()/SSL_write() directly.  You only need this<br>
if you specifically want a BIO API to SSL.<br></blockquote></span></div></div></div></blockquote><div><br></div><div>I am sorry, but I don't get this :(<br><br><br></div><div>In broad words, is there anything wrong in ::<br><br></div><div>    int rc = BIO_write(socket->ssl_bio) / BIO_read(socket->ssl)<br><br></div><div>followed by<br><br></div><div>    if(rc < 0)<br>    {<br></div><div>              <span class="gmail-"><span>If(BIO_should_read(socket->ssl<wbr>_bio) != 0)<br>              {<br>              }<br>              </span></span><span class="gmail-"><span>If(BIO_should_write(socket->ssl<wbr>_bio) != 0)<br>              {<br>              }<br>     }<br><br>?<br></span></span></div><div> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><span class="gmail-"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<span><br>
> With this, I could get the entire end-to-end workflow to work !!!!<br>
<br>
</span>You might not be done yet.  Is the client verifying the server<br>
certificate including name checks?  Just doing TLS, without<br>
certificate checks, only protects against passive attacks.<br></blockquote><div><br></div></span><div>Thanks Viktor.<br><br></div><div>I will add this "enhancement", once I complete the code, in a manner that is portable across "any" device.<br></div><div>Please expect a few questions from me on other threads :P<br><br><br></div><div>Thanks and Regards,<br></div><div>Ajay<br></div><span class="gmail-"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div class="gmail-m_-6885925363442466200HOEnZb"><div class="gmail-m_-6885925363442466200h5"><br>
--<br>
        Viktor.<br>
<br>
--<br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/mailma<wbr>n/listinfo/openssl-users</a><br>
</div></div></blockquote></span></div><span class="gmail-HOEnZb"><font color="#888888"><br><br clear="all"><br>-- <br><div class="gmail-m_-6885925363442466200gmail_signature">Regards,<br>Ajay<br></div>
</font></span></div></div>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature">Regards,<br>Ajay<br></div>
</div></div>