[openssl-users] Root-Level queries while using SSL-connections wrapping "sockets"

Ajay Garg ajaygargnsit at gmail.com
Fri Oct 7 06:58:46 UTC 2016


Viktor,

I realise I am still stuck with the original issue.

Taking "bio1" as the SSL-facing-bio, and "bio2" as the
network-facing-bio, how do we write-into/read-from "bio2"?
Are there callbacks available that will allow ::

   * Writing to network via "bio2" (after "bio1" has
internally-transferred the bytes to "bio2") ?
   * Reading from network via "bio2" (after which "bio1" can
internally-pick-up the bytes from "bio2") ?

Also, how do "bio1" and "bio2" communicate in case of non-ideal
scenarios (timeouts, errors)?

On Fri, Oct 7, 2016 at 10:09 AM, Ajay Garg <ajaygargnsit at gmail.com> wrote:
> On Fri, Oct 7, 2016 at 9:19 AM, Viktor Dukhovni
> <openssl-users at dukhovni.org> wrote:
>> On Fri, Oct 07, 2016 at 08:51:24AM +0530, Ajay Garg wrote:
>>
>>> However, I am a bit unsure about certain implementations.
>>> In particular (let's talk only about the client-side), I wonder how do
>>> the following methods work internally ::
>>>
>>>
>>>       * SSL_connect (implicitly involving underlying-socket-reads and
>>> underlying-socket-writes)
>>
>> Correct.
>>
>>>       * SSL_write (involving underlying-socket-writes)
>>
>> This can also involve socket reads, e.g. when the peer requests
>> renegotiation.  Hence, on non-blocking sockets this can fail with
>> SSL_ERROR_WANT_READ.  The application should then retry the write
>> (generally with the identical data) when the socket becomes
>> *readable*.
>>
>>>       * SSL_read (involving underlying-socket-reads)
>>
>> This can also involve socket writes, e.g. when the peer requests
>> renegotiation.  Hence, on non-blocking sockets this can fail with
>> SSL_ERROR_WANT_WRITE.  The application should then retry the read
>> when the socket becomes *writable*.
>>
>>> We have a framework which we have ported to a variety of devices,
>>> involving GPRS-connectivity, and devices without operating-systems.
>>> I know that there is "no one universal socket-write" and "no one
>>> universal socket-read" implementations.
>>
>> No idea what "root-level" means.  Perhaps you mean something
>> analogous to a system-call?  If so OpenSSL can either be handed
>> the socket to use, or plugged into some other way of moving data
>> via the BIO pair interface.
>>
>>     https://www.openssl.org/docs/manmaster/crypto/BIO_s_bio.html
>
>
> Ahhhh.... let me have a look.. I think this will fit in :)
>
>>
>> --
>>         Viktor.
>> --.
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
>
>
> --
> Regards,
> Ajay



-- 
Regards,
Ajay
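
The pattern the thread is circling, shown as an added example that is not part of the original messages: the TLS engine only reads from and writes to in-memory BIOs, and the application moves those bytes over whatever transport the device has. It uses Python's `ssl.MemoryBIO` and `wrap_bio` (which sit on OpenSSL memory BIOs) as a stand-in for the C BIO pair; `drive_handshake`, `demo`, the callback names and `device.example` are hypothetical.

```python
import ssl

def drive_handshake(tls, incoming, outgoing, send_fn, recv_fn, max_rounds=16):
    """Run a TLS handshake with all I/O done by the caller's transport.

    send_fn(data) transmits bytes; recv_fn() returns received bytes,
    b"" when the peer closed, or None when the transport timed out.
    Returns "done", "timeout", "closed" or "error".
    """
    for _ in range(max_rounds):
        state = "done"
        try:
            tls.do_handshake()
        except ssl.SSLWantReadError:
            state = "want_read"      # engine needs more bytes from the peer
        except ssl.SSLError:
            state = "error"          # protocol failure, e.g. a non-TLS reply
        pending = outgoing.read()    # records (or an alert) queued by the engine
        if pending:
            send_fn(pending)         # the application, not the engine, transmits
        if state != "want_read":
            return state
        chunk = recv_fn()
        if chunk is None:
            return "timeout"         # timeout policy lives in the application
        if chunk == b"":
            return "closed"
        incoming.write(chunk)        # hand the received bytes to the engine
    return "error"

def demo(replies):
    """Constructed transport: records what is sent, replays `replies`."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="device.example")
    sent, queue = [], list(replies)
    result = drive_handshake(tls, incoming, outgoing, sent.append,
                             lambda: queue.pop(0) if queue else None)
    return result, b"".join(sent)

if __name__ == "__main__":
    print(demo([])[0])                                   # silent peer
    print(demo([b"HTTP/1.1 400 Bad Request\r\n\r\n"])[0])  # non-TLS peer
```

The same loop shape applies to `SSL_read` and `SSL_write` after the handshake: call the engine, drain the outgoing side, and feed the incoming side whenever the engine reports that it wants to read.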

