[openssl-users] Non-blocking SSL_read/SSL_write: difference between renegociation and data famine
nicolas.brunie at kalray.eu
Mon Sep 12 17:12:42 UTC 2016
I am trying to implement bufferization of data on a SSL connection
at the application layer. To do so I implemented a wrapper to SSL_write,
which fills a buffer rather than sending data directly to SSL_write.
When the buffer is full the data is flushed in a call to SSL_write, but
when the buffer is not full I still want to ensure that the buffer will
be flushed eventually.
I have a difficulty in doing so, the thread buffering the data is
also the one calling SSL_read on the socket, I would like to prevent it
from being frozen if the call to SSL_read does not return (I think the
problem will be the same if two threads were doing SSL_write / SSL_read,
since I must ensure the SSL* is not used simultaneously)/
From what I could understand, if the BIO under SSL_read is non
blocking I am sure that SSL_read will return even if no data is
available (with a SSL_ERROR_WANT_READ error code) but the problem is
that I am not able to distinguish this error code from a possible
renegociation (which also returns SSL_ERROR_WANT_READ). While the
renegociation requires me to call SSL_read again with the same
parameters, a SSL_ERROR_WANT_READ allows me to flush my write buffer in
a SSL_write call, is not it ?
Thus my questions:
1. how can I distinguish a data famine from a renegociation occuring on
my SSL connection ?
1.2 In the case of a data famine, can I be sure SSL_read will return
"rapidly" (not block) if there is no complete data record to be processed ?
2. Using BIO_f_buffer, it seems there is a way to request OpenSSL to
buffer write data up until max Record size (setting buffer size from 4
to 16KB), is there a "OpenSSL way" to ensure the BIO_f_buffer will be
flushed periodically or must it be implemented externally ?
More information about the openssl-users