How OpenSSL connections work

loic nicolas loicnicolas95 at hotmail.fr
Sun Mar 6 02:39:55 UTC 2022


Hello,

I can't figure out how OpenSSL connections work.

I would like to use 2 BIOs (rbio, wbio) which will be shared for all my connections.
The problem is that I really don't understand the error messages.
I never get an SSL_ERROR_WANT_WRITE error code, I only get SSL_ERROR_WANT_READ.

For example, for the handshake, whether I have to send or receive data, I only receive the error SSL_ERROR_WANT_READ.
(calls are blocking for simplicity)

#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <netdb.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/ssl.h>

int main()
{
       // Resolve the server address (IPv4 or IPv6, TCP)
       struct addrinfo hints, *result;
       memset(&hints, 0, sizeof(struct addrinfo));
       hints.ai_family = AF_UNSPEC;
       hints.ai_socktype = SOCK_STREAM;

       if (getaddrinfo("google.com", "443", &hints, &result) != 0) {
              printf("getaddrinfo error");
              exit(1);
       }

       // Try each returned address until one connects
       int fd = -1;
       for (struct addrinfo *rp = result; rp != nullptr; rp = rp->ai_next) {
              fd = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
              if (fd < 0)
                     continue;
              if (connect(fd, rp->ai_addr, rp->ai_addrlen) == 0)
                     break;
              close(fd);
              fd = -1;
       }
       // Free the whole list from its head, not from the loop cursor
       freeaddrinfo(result);
       if (fd < 0) {
              printf("Connection error");
              exit(1);
       }

       SSL_library_init();
       OpenSSL_add_all_algorithms();
       SSL_load_error_strings();
       ERR_load_BIO_strings();
       ERR_load_crypto_strings();
       SSL_CTX *ctx = SSL_CTX_new(SSLv23_method());

       // Memory BIOs: the SSL object reads from rbio and writes to wbio
       BIO *rbio = BIO_new(BIO_s_mem());
       BIO *wbio = BIO_new(BIO_s_mem());
       SSL *ssl = SSL_new(ctx);
       SSL_set_bio(ssl, rbio, wbio);
       SSL_set_connect_state(ssl);

       // Handshake loop, moving bytes between the BIOs and the socket
       int n;
       do {
              n = SSL_do_handshake(ssl);
              n = SSL_get_error(ssl, n);
              if (n == SSL_ERROR_WANT_READ) {
                     char buffer[4096];
                     int r = BIO_read(wbio, buffer, sizeof(buffer));
                     int error = SSL_get_error(ssl, r);
                     if (error == SSL_ERROR_WANT_READ) {
                            r = read(fd, buffer, sizeof(buffer));
                            BIO_write(rbio, buffer, r);
                     } else {
                            send(fd, buffer, r, 0);
                     }
              }
       } while (n != SSL_ERROR_NONE);
       printf("Connected");
}



How can I manage the connection (with several sockets on the same BIOs) if I don't know whether I have to send data or receive it according to the error message?

Thank you
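
An added illustration, not part of the original post: the behaviour described above, reproduced with Python's ssl module, whose MemoryBIO objects wrap the same OpenSSL memory BIOs. It shows the first handshake call reporting WANT_READ while the ClientHello is already queued in the write BIO, and a pump step that drains the write BIO after every call. The helper names, the host name "example.test" and the local socketpair are constructed for the example, and it assumes one BIO pair per connection.

```python
import socket
import ssl

def flush_outgoing(outgoing, sock):
    """Send everything the TLS engine queued in the write BIO; return byte count."""
    sent = 0
    while outgoing.pending:
        data = outgoing.read()
        sock.sendall(data)
        sent += len(data)
    return sent

def handshake_step(tls, incoming, outgoing, sock):
    """One handshake step for one connection; returns (done, bytes_sent)."""
    try:
        tls.do_handshake()
        done = True
    except ssl.SSLWantReadError:      # OpenSSL's SSL_ERROR_WANT_READ
        done = False
    # Writes into a memory BIO always succeed, so WANT_WRITE is not reported.
    # Check the write BIO after every call instead of relying on the error code.
    sent = flush_outgoing(outgoing, sock)
    if not done and sent == 0:
        data = sock.recv(16384)       # nothing left to send: peer bytes are needed
        if not data:
            raise ConnectionError("peer closed during handshake")
        incoming.write(data)
    return done, sent

def demo_first_flight():
    """Offline run over a local socketpair (constructed transport, no TLS server)."""
    client_sock, peer_sock = socket.socketpair()
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()  # rbio, wbio
        tls = ctx.wrap_bio(incoming, outgoing, server_hostname="example.test")
        done, sent = handshake_step(tls, incoming, outgoing, client_sock)
        first_byte = peer_sock.recv(65536)[0]   # start of the ClientHello record
        return done, sent, first_byte
    finally:
        client_sock.close()
        peer_sock.close()

if __name__ == "__main__":
    print(demo_first_flight())
```

Against a real server, calling handshake_step in a loop until done is true completes the handshake; the second call finds the write BIO empty and only then reads from the socket.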