Douglas Lee wrote:

> Hi Darkspell,
>
> I have 2 questions:
>
> 1) I have a multithreaded client which connects to the server using
> multiple sockets.  How do I make the client verify the server certificate
> only once, say on the initial SSL_connect, and not for subsequent
> connects?
>

I think this will be the default if you are caching connection session
information.

>
> 2) The SSL_read/SSL_write API doesn't seem to support non-blocking IO.
> Is it sufficient to set the underlying file descriptor for non-blocking IO
> and just use SSL_set_fd to enable this? And if I change the properties of
> the underlying file desc. can I just issue another SSL_set_fd to update
> the SSL socket?

SSL_read() and SSL_write() return -1 if there is no data to read or no buffer
space to write to when the underlying socket is in non-blocking mode. You
then need to check SSL_get_error() to narrow the condition down. If
SSL_get_error() returns either SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE
then you'll want to select() on the socket again and when the relevant
descriptor is ready you should call SSL_read() or SSL_write() again. Even if
SSL_read() yields an SSL_ERROR_WANT_WRITE, call SSL_read() again, not
SSL_write(); the SSL state engine will take care of pending writes (say,
during a handshake renegotiation).


>
>
> Many thanks for any help.
>
> --Douglas Lee
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]

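The retry rule from the reply above, as an added example that is not part of the original message or of OpenSSL's own code. `struct tls_io`, `tls_read_retry`, `enum want` and the scripted transport are hypothetical names; in a real client the three callbacks would wrap SSL_read(), SSL_get_error() and select() on the non-blocking socket.

```c
/* Added example: retry loop for a non-blocking TLS read. The callbacks are
 * hypothetical stand-ins for SSL_read(), SSL_get_error() and select(). */
#include <stdio.h>
#include <string.h>

enum want { WANT_READ, WANT_WRITE, WANT_FATAL };  /* cf. SSL_ERROR_WANT_* */
struct tls_io {
    int (*read)(void *ctx, char *buf, int len);   /* wraps SSL_read() */
    enum want (*error)(void *ctx, int ret);       /* wraps SSL_get_error() */
    int (*wait)(void *ctx, enum want w);          /* wraps select() on the fd */
    void *ctx;
};

/* Returns bytes read or -1. WANT_READ and WANT_WRITE both retry read(). */
int tls_read_retry(const struct tls_io *io, char *buf, int len)
{
    for (;;) {
        int n = io->read(io->ctx, buf, len);
        if (n > 0) return n;
        enum want w = io->error(io->ctx, n);      /* which direction to wait on */
        if (w == WANT_FATAL || io->wait(io->ctx, w) < 0) return -1;
    }
}

/* Constructed transport: WANT_READ, then WANT_WRITE, then 5 bytes of data. */
struct script { int reads, waits_r, waits_w; };
static int s_read(void *c, char *buf, int len) {
    struct script *s = c;
    if (++s->reads < 3 || len < 5) return -1;
    memcpy(buf, "hello", 5); return 5;
}
static enum want s_error(void *c, int ret) {      /* 2nd failure: renegotiation */
    (void)ret; return ((struct script *)c)->reads == 1 ? WANT_READ : WANT_WRITE;
}
static int s_wait(void *c, enum want w) {         /* counts waits per direction */
    struct script *s = c;
    if (w == WANT_WRITE) s->waits_w++; else s->waits_r++;
    return 0;
}
int run_script(struct script *s) {
    struct tls_io io = { s_read, s_error, s_wait, s };
    char buf[16];
    memset(s, 0, sizeof *s);
    return tls_read_retry(&io, buf, (int)sizeof buf);
}
int main(void) {
    struct script s;
    printf("read %d bytes\n", run_script(&s));
    return 0;
}
```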