Thank you Lutz and Steve!  I used both your suggestions to get this
working.

Here is what I ended up doing:

  ssl_connected = 0;
  while (!ssl_connected)
  {
    res = SSL_connect(ssl_con);

    ssl_connected = ((res == 1) && SSL_is_init_finished(ssl_con));

    if (!ssl_connected)
    {
      errcode = SSL_get_error(ssl_con, res);
      switch (errcode)
      {
      case SSL_ERROR_NONE:
          /* No error, we should have a connection, check again */
          ssl_connected = ((res == 1) && SSL_is_init_finished(ssl_con));
          break;
      case SSL_ERROR_WANT_READ:
      case SSL_ERROR_WANT_WRITE:
          /* Not an error: wait until the socket is ready in the direction
             OpenSSL asked for.  Polling for POLLOUT while it wants to read
             returns at once on a writable socket and spins the loop. */
          pfd.fd = sock;
          pfd.events = (errcode == SSL_ERROR_WANT_READ) ? POLLIN : POLLOUT;
          pfd.revents = 0;
          while ((n = poll(&pfd, 1, 1000*timeout)) < 0)
          {
            if (errno != EINTR)
            {
              if (err) sprintf(err, "conn_err:%d", errno);
              close(sock);
              return 0;
            }
          }
          if (!n)
          {
            /* poll() timed out */
            if (err) strcpy(err, "conn_timeout");
            close(sock);
            return 0;
          }
          if (!(pfd.revents & pfd.events))
          {
            /* Woken only by POLLERR/POLLHUP/POLLNVAL */
            if (err) strcpy(err, "connect");
            close(sock);
            return 0;
          }
          break;
      case SSL_ERROR_ZERO_RETURN:
          /* Peer closed the connection. */
          /* fall through */
      case SSL_ERROR_SSL:
      default:
          /* hard_error; */
          ERR_error_string(ERR_get_error(), buf);
          sprintf(errbuf, "%s: %s:%d", buf, __FILE__, __LINE__);
          log_error(errbuf);
          close(sock);
          return 0;
      }
    }
  }


This works for me.

Thanks again.
Lou


Louis LeBlanc wrote:
> 
> Hello again, everyone.
> 
> I have solved some of the problems I have been having with setting
> verification mode and depth, I think. (Thank you Lutz!)
> 
> I have also approached the problem of ensuring the connection is
> successful on a nonblocking socket.  What I was trying to do is use
> SSL_state() to see if the connection has been made.  If I interpreted
> the SSL_connect() code correctly, it sets the state to
> SSL_ST_CONNECT|SSL_ST_BEFORE
> 
> If I check the state with SSL_state() it should tell me if the SSL
> connection has been established, right?
> 
> My initial solution was to set the connection back to blocking mode just
> before the SSL_connect, and I am told it may be okay with the rest of
> the app if it stays this way.  Does anyone know of any caveats with this
> scenario?
> 
> Thanks
> 
> Lou
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
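
An added example, not code from the post or from OpenSSL: the wait step of the handshake loop above, polling only in the direction SSL_get_error() asked for and holding the whole handshake to one deadline rather than restarting the timeout on every pass, so a peer that trickles data cannot keep the connect open indefinitely. `now_ms` and `wait_handshake_io` are hypothetical names, and a socketpair is a constructed stand-in for the TCP socket.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for clock_gettime() */
#endif
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

/* Milliseconds on the monotonic clock (unaffected by wall-clock changes). */
static long long now_ms(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (long long)ts.tv_sec * 1000 + ts.tv_nsec / 1000000;
}

/* Wait until fd is ready in the one direction the handshake asked for
 * (want_write != 0 for SSL_ERROR_WANT_WRITE, 0 for SSL_ERROR_WANT_READ),
 * never past deadline_ms, an absolute now_ms() value fixed once before the
 * first SSL_connect().  Returns 1 = retry, 0 = deadline passed, -1 = error. */
static int wait_handshake_io(int fd, int want_write, long long deadline_ms)
{
    struct pollfd pfd = { .fd = fd, .events = want_write ? POLLOUT : POLLIN };
    for (;;) {
        long long left = deadline_ms - now_ms();
        if (left <= 0)
            return 0;
        /* Poll in slices of at most 1 s, then re-check the deadline. */
        int n = poll(&pfd, 1, left > 1000 ? 1000 : (int)left);
        if (n < 0 && errno == EINTR)
            continue;               /* interrupted: retry with the time left */
        if (n < 0 || (pfd.revents & POLLNVAL))
            return -1;
        if (n > 0)
            return 1;  /* ready, or POLLERR/POLLHUP: SSL_connect() reports it */
    }
}

int main(void)
{
    int sv[2];                      /* constructed stand-in for a TCP socket */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return 1;
    long long deadline = now_ms() + 200;   /* one budget for both waits */
    printf("want write: %d\n", wait_handshake_io(sv[0], 1, deadline));
    printf("want read:  %d\n", wait_handshake_io(sv[0], 0, deadline));
    return 0;
}
```

In the loop from the post, the deadline would be computed once before the `while`, and the WANT_READ/WANT_WRITE case would call `wait_handshake_io(sock, errcode == SSL_ERROR_WANT_WRITE, deadline)`.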