I'm asking this question because I am unsure whether an SSL object treats a socket as a sink/source for messages like it does with a BIO object. My gut is telling me yes, but I'm not certain.
Goal: I am integrating SSL authentication into already existing TCP code. Rather than calling the conventional send()/receive(), I would like to direct the messages through OpenSSL's SSL_read()/SSL_write() instead. My other requirement is that communication is non-blocking and data can be partially sent.
Here's how I've associated the SSL object with the socket (Server code).
int SSL_Init(std::wstring &peer_hostname, SOCKET sock){
    //...
    //Initialize SSL structure
    ssl = SSL_new(context);
    if (ssl == NULL){
        mr = APPZRETURN(E_FAIL, L"%ls (%d) : SSL_new failed. Unable to create SSL structure", __FUNCTIONW__, __LINE__);
    }
    //Agent uses winsock class, but OpenSSL uses unix socket. Suppressed warning added here for 4244. It works
    if (SSL_set_fd(ssl, sock) == 0){ //set file descriptor for ssl
        //Operation failed
        return -1;
    }
    //...
    int status = SSL_accept(ssl);
    SSL_set_mode(ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER|SSL_MODE_ENABLE_PARTIAL_WRITE);
    //...
}
According to the documentation for SSL_read() (https://www.openssl.org/docs/ssl/SSL_read.html), the SSL is non-blocking if the underlying BIO is non-blocking. If my assumption is correct, does that mean if the socket is non-blocking, the SSL is as well?
Extension of my question: Is a Winsock TCP socket non-blocking by default (assuming I have created a TCP socket but have not called ioctlsocket to set non-blocking mode)?
Thank you for taking the time to read this. It's much appreciated.
If my assumption is correct, does that mean if the socket is non-blocking, the SSL is as well?
Yes.
Is a winsock tcp socket non-blocking by default (assuming I have created a TCP socket, but have not called ioctlsocket and set non-blocking mode)
Unix sockets are blocking by default. I haven't used Winsock, but I'm sure Winsock should be blocking by default as well.
Try the following code:
SSL_set_fd(ssl, sock);
retry:
int ret = SSL_accept(ssl);
if (ret != 1) {
    int err = SSL_get_error(ssl, ret);
    // compare err against both codes; "err == A || B" would always be true
    if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) {
        // maybe need some sleep or select
        goto retry;
    }
}
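As an added example (not code from the question or the answer above), here is the retry loop that a non-blocking SSL_accept()/SSL_read()/SSL_write() needs, written against Python's ssl module, which exposes SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE as ssl.SSLWantReadError and ssl.SSLWantWriteError. The TLS engine itself is replaced by a constructed stand-in (FakeEngine, a hypothetical class) so the loop runs offline without a certificate; the driver logic, waiting on the direction the engine reports and looping over partial writes, is what a real SSL object bound to a non-blocking socket requires. It also checks the answer's second point, that a fresh socket is blocking until you change it.

```python
import select
import socket
import ssl


def socket_is_blocking_by_default():
    """A freshly created socket (Winsock or BSD) is blocking until told otherwise."""
    with socket.socket() as s:
        return s.getblocking()


def drive(op, sock, timeout=5.0, max_retries=1000):
    """Run one TLS operation to completion on a non-blocking socket.

    `op` is a zero-argument callable standing in for SSL_accept(), SSL_read()
    or SSL_write(): it returns the operation's result, or raises the WANT_READ
    / WANT_WRITE exception. We wait in the direction the engine reports, not
    the one the caller had in mind: an SSL_read() may report WANT_WRITE and an
    SSL_write() may report WANT_READ, so both branches are always needed.
    """
    for _ in range(max_retries):
        try:
            return op()
        except ssl.SSLWantReadError:            # SSL_ERROR_WANT_READ
            readable, _, _ = select.select([sock], [], [], timeout)
            if not readable:
                raise TimeoutError("peer sent nothing within timeout")
        except ssl.SSLWantWriteError:           # SSL_ERROR_WANT_WRITE
            _, writable, _ = select.select([], [sock], [], timeout)
            if not writable:
                raise TimeoutError("socket not writable within timeout")
    raise RuntimeError("operation did not complete after %d attempts" % max_retries)


def write_all(write_op, sock, data):
    """Send `data` completely when SSL_MODE_ENABLE_PARTIAL_WRITE is in effect.

    With partial writes enabled, one SSL_write() may accept only a prefix of
    the buffer and return how many bytes it took, so keep calling it with the
    remainder. `write_op(chunk)` mirrors SSL_write() for one attempt.
    """
    sent = 0
    while sent < len(data):
        sent += drive(lambda: write_op(data[sent:]), sock)
    return sent


class FakeEngine:
    """Constructed stand-in for an SSL object bound to `sock`, whose peer end is
    `peer`. The handshake needs `rounds` records from the peer; writes accept
    at most `max_chunk` bytes per call and report WANT_WRITE every other call,
    like a real engine whose output buffer is momentarily full."""

    def __init__(self, sock, peer, rounds=3, max_chunk=4):
        self.sock, self.peer = sock, peer
        self.rounds, self.max_chunk = rounds, max_chunk
        self.accept_calls = 0
        self.write_calls = 0
        self.written = bytearray()

    def accept(self):
        self.accept_calls += 1
        try:
            self.sock.recv(4096)                # consume the record the peer sent
        except BlockingIOError:
            pass                                # nothing queued yet on first call
        if self.accept_calls <= self.rounds:
            self.peer.sendall(b"hs")            # peer replies; sock becomes readable
            raise ssl.SSLWantReadError()
        return 1                                # SSL_accept() == 1: handshake done

    def write(self, buf):
        self.write_calls += 1
        if self.write_calls % 2:
            raise ssl.SSLWantWriteError()       # output buffer full this time
        taken = buf[: self.max_chunk]           # partial write
        self.written += taken
        return len(taken)


def demo():
    """Handshake, then send a message through the partial-write loop."""
    server_sock, client_sock = socket.socketpair()
    server_sock.setblocking(False)              # the ioctlsocket(FIONBIO) step
    engine = FakeEngine(server_sock, client_sock)
    status = drive(engine.accept, server_sock)
    sent = write_all(engine.write, server_sock, b"hello, world")
    client_sock.close()
    server_sock.close()
    return status, engine.accept_calls, sent, bytes(engine.written)


if __name__ == "__main__":
    print("blocking by default:", socket_is_blocking_by_default())
    print(demo())
```

The point to carry over to the C code in the answer is the shape of `drive()`: one loop that retries the same call, chooses read- or write-readiness from the error code rather than from the operation name, and bounds the wait, so a stalled peer cannot spin the server.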