On Mon, Aug 21, 2000 at 04:58:03PM +0200, Nick De Roeck wrote:
> I'm currently writing a multi-platform webserver using openSSL and I do also
> experience problems with the fact that the networking code is too tightly
> integrated with openSSL. On a unix system this may seem like a non-issue,
> but my adventures trying to get openssl running for both NT, MacOS and
> MacOSX made me curse the networking layer quite often (f.i. there's no such
> thing as a BSD-style network calling convention on standard Mac (yes, there
> is one but I find this a wrong way to go, besides more code = more bugs)).
There exists a way to plug in any IO backend one wishes to use
as needed.
Browsing the source code ...

    ssl/s3_pkt.c ssl/s2_pkt.c ssl/s23_pkt.c

All three are doing BIO_read() calls to pick from underlying
streams. ( and similarly using BIO_write() for sending, of course )
Constructing your own BIO method set better suited for your system
is a fairly easy task.
> If openSSL would be more of a library that runs on top of a stream (any
> stream, being network/stdin/whatever...) it will gain potential on more
> obscure/less known/non-unix platforms.
It definitely is. There is just a UNIX-oriented default BIO backend
method set, and its usage convention, which confuses you.
(And apps/s_server.c does not help either, it is made with
"hide server socket acceptance under the SSL_accept()" paradigm,
instead of letting the external (to SSL) code handle the
socket, and when a socket exists, just plug SSL on it as
a protocol processor. )
The UNIX fd oriented thing goes like this: (for a server)

    SSL * ssl = SSL_new(ssl_ctx);
    SSL_set_fd(ssl, sockfd);
    SSL_set_accept_state(ssl); /* server thing, the above set sockfd
                                  is already accept()ed */
    ...

The ssl/ssl_lib.c SSL_set_fd() function is this:

    int SSL_set_fd(SSL *s,int fd)
        {
        int ret=0;
        BIO *bio=NULL;

        bio=BIO_new(BIO_s_socket());
        if (bio == NULL)
            {
            SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
            goto err;
            }
        BIO_set_fd(bio,fd,BIO_NOCLOSE);
        SSL_set_bio(s,bio,bio);
        ret=1;
    err:
        return(ret);
        }

The BIO_s_socket() set of BIO_METHODs is defined at file
crypto/bio/bss_sock.c, which you may consider as a starting
point for your platform specific network backends.
> But I'm sounding a bit too negative here: This library is a true masterpiece
> and I want to send my sincere gratitude to its developers, who I think are
> doing a hell of a great job.
>
> nick.
Quite good, although a bit difficult to use, as often "source is the
document" is the rule in the beast.
/Matti Aarnio
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
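
Added example, not part of the original message and not OpenSSL project code: the "external code owns the transport, SSL is plugged on as a protocol processor" arrangement described above, shown with Python's ssl module, whose MemoryBIO and wrap_bio() run the TLS engine on OpenSSL memory BIOs with no socket involved. QueueStream, pump_handshake, the host name and the alert bytes are hypothetical and constructed for illustration.

```python
import ssl
from collections import deque

class QueueStream:
    """Hypothetical non-socket transport: two byte queues, no file descriptor."""
    def __init__(self):
        self.to_peer, self.from_peer = deque(), deque()
    def send(self, data):
        self.to_peer.append(data)
    def recv(self):
        return self.from_peer.popleft() if self.from_peer else b""

def pump_handshake(tls, incoming, outgoing, stream):
    """Advance the handshake one step, moving bytes between the BIOs and stream.
    Returns 'done', 'want_read' or 'failed: <reason>'."""
    data = stream.recv()
    if data:
        incoming.write(data)          # bytes from the peer enter the TLS engine
    try:
        tls.do_handshake()
        state = "done"
    except ssl.SSLWantReadError:
        state = "want_read"           # engine needs more bytes from the peer
    except ssl.SSLError as exc:
        state = "failed: %s" % (exc.reason or "unknown")
    pending = outgoing.read()         # whatever the engine wants transmitted
    if pending:
        stream.send(pending)
    return state

def record_header(record):
    """Split a TLS record header into (content_type, version, length)."""
    return record[0], (record[1], record[2]), int.from_bytes(record[3:5], "big")

def demo():
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # server.example is a placeholder name; no network connection is made.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="server.example")
    stream = QueueStream()
    first = pump_handshake(tls, incoming, outgoing, stream)
    hello = stream.to_peer.popleft()
    # Constructed peer reply: fatal alert record, handshake_failure (2, 40).
    stream.from_peer.append(bytes([0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x28]))
    second = pump_handshake(tls, incoming, outgoing, stream)
    return first, record_header(hello), hello, second
```

The ClientHello leaves the engine as plain bytes that any platform I/O layer can carry, and a fatal alert from the peer surfaces as an SSLError rather than as a request for more data.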