Richard Levitte - VMS Whacker wrote:
> From: Dan Kegel <[EMAIL PROTECTED]>
> 
> dank> BIO's should have been a well-separated layer, not an integral
> dank> part of OpenSSL.
> 
> I'm not sure I understand that argument.  BIO's *are* separate, in
> their own "module", if you wish to express it that way.  They just
> happen to be used by OpenSSL as transport, which I see as a feature,
> since that makes it possible for the application programmer to make
> his own (I'd like to see you do your own FILE * or thingy controlled
> through file descriptors).

The simple fact that OpenSSL uses BIO's as a transport is part of the problem.
The interfaces to SSL_read() and SSL_write() are also part of the problem.
Both assume a model for I/O that makes it difficult to achieve
non-blocking crypto operations.
 
> I wonder, is it really BIO's that are your problem, or the fact that
> SSL itself (the handshake, most particularly) makes non-blocking I/O a
> bit tricky?  Just trying to set the record straight...

Nonblocking network I/O is tricky with the current API, but doable.  
I've got working code for that, and there are good examples now.
Nonblocking crypto is another matter; it would be a real pain, and 
there are no examples showing how it might be done.
Introducing an explicit, abstract SSL state machine might solve this problem,
and lead to cleaner code, both inside OpenSSL and in user apps.
I've put together a sketch of what OpenSSL might look like if this were done.  See

  http://www.kegel.com/ssl/api.html

Comments welcome.

- Dan
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
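
An added illustration of the transport-decoupled state machine idea raised in the message above; it is not Dan Kegel's code, nor the API sketch at the linked page. It uses Python's ssl module (memory BIOs over OpenSSL) instead of the C API, and the TLSEngine class, its method names and the host name example.test are assumptions made for this example.

```python
import ssl


class TLSEngine:
    """Client-side TLS engine that never touches a socket (hypothetical name).

    The caller owns all network I/O: it feeds received ciphertext in and
    sends whatever bytes step() hands back, on any event loop it likes.
    """

    def __init__(self, hostname):
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        self.incoming = ssl.MemoryBIO()  # ciphertext received from the peer
        self.outgoing = ssl.MemoryBIO()  # ciphertext waiting to be sent
        self.tls = ctx.wrap_bio(self.incoming, self.outgoing,
                                server_hostname=hostname)

    def feed(self, data):
        """Hand the engine bytes that arrived from the network."""
        self.incoming.write(data)

    def step(self):
        """Advance the handshake as far as the buffered input allows.

        Returns (state, bytes_to_send); never blocks.
        """
        try:
            self.tls.do_handshake()
            state = "done"
        except ssl.SSLWantReadError:
            state = "want_read"    # needs more ciphertext from the peer
        except ssl.SSLWantWriteError:
            state = "want_write"   # outgoing side must be drained first
        return state, self.outgoing.read()


def demo():
    eng = TLSEngine("example.test")   # constructed host name, no network used
    s1, hello = eng.step()            # produces the ClientHello record
    s2, idle = eng.step()             # no input yet: nothing new to send
    eng.feed(b"\x16\x03\x03")         # constructed fragment of a record header
    s3, _ = eng.step()                # a partial record is not an error
    return s1, hello, s2, idle, s3


if __name__ == "__main__":
    s1, hello, s2, idle, s3 = demo()
    print(s1, len(hello), s2, len(idle), s3)
```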