[openssl-users] Means to update read bio only

Susan Hinrichs shinrich at ieee.org
Fri Feb 6 15:48:36 UTC 2015


In Apache Traffic Server we are primarily using SSL_accept and 
SSL_read/SSL_write with file descriptor bios.

But during the handshake, we need to feed in our own packets via 
read-only buffers.  We use the BIO mem_buf to pass along this data 
without incurring another copy.  But on each read during the handshake, 
we need to reset the read bio.  We leave the write bio as the file 
descriptor bio the whole time.

I originally tried to use SSL_set_bio(ssl, new_rbio, SSL_get_wbio(ssl)), 
but that would adjust the output buffering and the handshake would not 

So we created a SSL_set_rbio(ssl, new_rbio), that just frees the old 
rbio and sets the new one.  It leaves the wbio and the bbio alone.

This has worked well for us for a couple releases, but looking forward 
to openssl 1.1, we will no longer be able to use this approach.  Can 
someone point me to the preferred way of updating a read bio without 
affecting the write bio processing?


More information about the openssl-users mailing list