What should be called for re-negotiation in SSL_Read/SSL_Write

I'm trying to add OpenSSL into epoll, and the socket is in non-blocking mode. A question confusing me is that: SSL_read might yield SSL_ERROR_WANT_WRITE and SSL_write might yield SSL_ERROR_WANT_READ because of SSL renegotiation.

So, my questions are:

  1. If SSL_read yields SSL_ERROR_WANT_WRITE, and I modify the socket event to EPOLLOUT. Then, when the socket becomes writable later, what should I call, SSL_read or SSL_write? (the API doc said the same operation has to be repeated)

  2. Similar to question (1), and the case is SSL_write yields SSL_ERROR_WANT_READ.

  3. If SSL_read yields SSL_ERROR_WANT_WRITE, can I call SSL_send to send data next? (TCP is full duplex, but it seems OpenSSL can't read and write independently...)

  4. Similar to question (3), and the case is SSL_write yields SSL_ERROR_WANT_READ.

Thanks a lot!

You should restart the API you were attempting.

Thus, if SSL_read issues WANT_WRITE, call SSL_read again when the socket becomes ready for write. Similarly for SSL_write.

The OpenSSL documentation only states that you need to repeat the call with the same arguments that were given when the blocking notification is given.

WARNING

When an SSL_read() operation has to be repeated because of SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, it must be repeated with the same arguments.

Even though you want full-duplex operation, if the current operation is blocked pending a status, then you should queue up any new operations until the blocked operation completes. This way you will avoid potential problems entering the SSL stack with a different operation than the one that triggered the blocking notification.
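The rule from the answer above, written as a small decision helper for an epoll loop. This is an added example, not code from the original answer or from OpenSSL: struct conn, conn_after_call, conn_request_write, conn_next_call and the enum stand-ins for SSL_get_error() results and EPOLLIN/EPOLLOUT are all assumed names.

```c
#include <stddef.h>

/* Stand-ins (assumptions) so the example builds without OpenSSL or epoll
 * headers: real code maps SSL_get_error() results to enum outcome and
 * EV_IN/EV_OUT to EPOLLIN/EPOLLOUT. */
enum outcome { DONE, WANT_READ, WANT_WRITE };
enum op      { OP_NONE, OP_READ, OP_WRITE };
enum         { EV_IN = 1, EV_OUT = 2 };

struct conn {
    enum op pending;      /* blocked call that must be repeated */
    void   *buf;          /* its arguments, kept so the retry reuses them */
    size_t  len;
    int     wait;         /* readiness the blocked call is waiting for */
    int     write_queued; /* application write deferred behind a blocked call */
};

/* Record the result of SSL_read/SSL_write; returns the epoll interest set. */
int conn_after_call(struct conn *c, enum op o, void *buf, size_t len, enum outcome r)
{
    if (r == DONE) {
        c->pending = OP_NONE;
        c->wait = EV_IN | (c->write_queued ? EV_OUT : 0);
    } else {
        c->pending = o; c->buf = buf; c->len = len;
        c->wait = (r == WANT_READ) ? EV_IN : EV_OUT;
    }
    return c->wait;
}

/* The application has data to send. Returns 1 if SSL_write may be called
 * now, 0 if the write was queued behind a blocked operation. */
int conn_request_write(struct conn *c)
{
    if (c->pending == OP_NONE) return 1;
    c->write_queued = 1;
    return 0;
}

/* Socket became ready: which call to make next? A blocked call is always
 * repeated first, even when it waits on the opposite direction. */
enum op conn_next_call(struct conn *c, int revents)
{
    if (c->pending != OP_NONE)
        return (revents & c->wait) ? c->pending : OP_NONE;
    if (c->write_queued && (revents & EV_OUT)) { c->write_queued = 0; return OP_WRITE; }
    return (revents & EV_IN) ? OP_READ : OP_NONE;
}
```

When conn_next_call returns the pending operation, the caller repeats it with c->buf and c->len, then passes the result back to conn_after_call and registers the returned interest set with epoll.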
