What should be called for re-negotiation in SSL_Read/SSL_Write
I'm trying to add OpenSSL into epoll, and the socket is in non-blocking mode. A question confusing me is that: SSL_read might yield SSL_ERROR_WANT_WRITE and SSL_write might yield SSL_ERROR_WANT_READ because of SSL renegotiation.
So, my questions are:
1. If SSL_read yields SSL_ERROR_WANT_WRITE, and I modify the socket event to EPOLLOUT, then, when the socket becomes writable later, what should I call, SSL_read or SSL_write? (The API doc said the same operation has to be repeated.)
2. Similar to question (1), and the case is SSL_write yields SSL_ERROR_WANT_READ.
3. If SSL_read yields SSL_ERROR_WANT_WRITE, can I call SSL_send to send data next? (TCP is full duplex, but it seems OpenSSL can't read and write independently...)
4. Similar to question (3), and the case is SSL_write yields SSL_ERROR_WANT_READ.
Thanks a lot!
You should restart the API you were attempting. Thus, if SSL_read issues WANT_WRITE, call SSL_read again when the socket becomes ready for write. Similarly for SSL_write.
The OpenSSL documentation only states that you need to repeat the call with the same arguments that were given when the blocking notification is given.
WARNING
When an SSL_read() operation has to be repeated because of SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, it must be repeated with the same arguments.
Even though you want full-duplex operation, if the current operation is blocked pending a status, then you should queue up any new operations until the blocked operation completes. This way you will avoid potential problems entering the SSL stack with a different operation than the one that triggered the blocking notification.
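The bookkeeping the answer describes, as an added example that is not code from the original thread or from OpenSSL: it remembers which call was blocked, which epoll event that call is waiting for, and refuses new operations until the blocked one completes. The names conn_start, conn_resume, tls_io_fn and stub_io are hypothetical, and the stub stands in for a wrapper around SSL_read()/SSL_write() plus SSL_get_error().

```c
#include <stddef.h>
#include <stdint.h>
#include <sys/epoll.h>
enum tls_op  { OP_NONE, OP_READ, OP_WRITE };
enum tls_res { RES_DONE, RES_WANT_READ, RES_WANT_WRITE, RES_FATAL };
/* Hypothetical wrapper type (assumption): a real one calls SSL_read() or
 * SSL_write(), then SSL_get_error(), mapping SSL_ERROR_WANT_* to RES_WANT_*. */
typedef enum tls_res (*tls_io_fn)(enum tls_op op, void *buf, int len);
struct conn {
    enum tls_op pending;  /* operation that has to be repeated, if any */
    void *buf; int len;   /* its original arguments, reused on the retry */
    uint32_t wait_events; /* EPOLLIN or EPOLLOUT to arm with epoll_ctl() */
    tls_io_fn io;
};

/* Call when epoll reports wait_events: repeats the SAME call, same arguments.
 * Returns 1 = completed, 0 = still blocked (re-arm wait_events), -1 = fatal. */
int conn_resume(struct conn *c) {
    if (c->pending == OP_NONE) return 1;          /* nothing is parked */
    switch (c->io(c->pending, c->buf, c->len)) {
    case RES_WANT_READ:  c->wait_events = EPOLLIN;  return 0;
    case RES_WANT_WRITE: c->wait_events = EPOLLOUT; return 0;
    case RES_DONE:       c->pending = OP_NONE; c->wait_events = 0; return 1;
    default:             c->pending = OP_NONE; c->wait_events = 0; return -1;
    }
}

/* Start a new read or write. Returns -2 while another operation is blocked,
 * so the caller queues the request instead of entering the SSL stack. */
int conn_start(struct conn *c, enum tls_op op, void *buf, int len) {
    if (c->pending != OP_NONE) return -2;
    c->pending = op; c->buf = buf; c->len = len;
    return conn_resume(c);
}

/* Constructed stub standing in for OpenSSL: the first call reports
 * WANT_WRITE (as a read can during renegotiation), later calls succeed. */
static int stub_calls; static enum tls_op stub_last_op; static void *stub_last_buf;
enum tls_res stub_io(enum tls_op op, void *buf, int len) {
    (void)len; stub_last_op = op; stub_last_buf = buf;
    return stub_calls++ == 0 ? RES_WANT_WRITE : RES_DONE;
}

int main(void) {
    char buf[64];
    struct conn c = { OP_NONE, NULL, 0, 0, stub_io };
    conn_start(&c, OP_READ, buf, sizeof buf);  /* parks; arm EPOLLOUT */
    return conn_resume(&c) == 1 ? 0 : 1;       /* retry the read */
}
```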
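Statement: The technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.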