[openssl-dev] Adding async support

Viktor Dukhovni openssl-users at dukhovni.org
Wed Oct 7 13:29:05 UTC 2015


On Wed, Oct 07, 2015 at 10:46:26AM +0100, Matt Caswell wrote:

> I have also added async support to s_server and s_client through the new
> "-async" flag. This will set the SSL_MODE_ASYNC mode. In order to have an
> effect you will obviously also need an async engine (such as dasync)
> loaded through the "-engine" flag. Note that dasync will only be loaded
> dynamically and thus OpenSSL must be built "shared" for this to work.
> 
> Documentation including some example code is available on all of this here:
> https://github.com/mattcaswell/openssl/blob/main-async/doc/crypto/ASYNC_start_job.pod
> https://github.com/mattcaswell/openssl/blob/main-async/doc/ssl/SSL_get_error.pod
> https://github.com/mattcaswell/openssl/blob/main-async/doc/ssl/SSL_get_async_wait_fd.pod
> https://github.com/mattcaswell/openssl/blob/main-async/doc/ssl/SSL_CTX_set_mode.pod
> 
> I'd be interested to hear your thoughts.

Will existing applications doing non-blocking I/O with OpenSSL need
to be modified to handle SSL_ERROR_WANT_ASYNC?  Or does that happen
only if they explicitly request "async mode"?

Should applications generally enable async mode because that might
be beneficial down the road?  Or is this just for exotic hardware
not likely to be seen in most environments?

For example, should Postfix enable "async" support?  It does timed
non-blocking TLS I/O and currently handles SSL_ERROR_WANT_{READ,WRITE}.

-- 
	Viktor.

