> I'm trying (with no success) to detach SSL from a socket, and use it
> to crypt/decrypt using a mem BIO. Instead of using SSL_write, I want
> to write the encrypted data to a mem BIO (or just a buffer) and send
> it by myself (and do the reverse operation on receive). I will do this
> just after the initial negotiation.
>
> All the information will be encrypted, I just need to do the send/recv
> by myself. I need to change an existing application to use SSL. I'll
> need to put the already encrypted buffer in a queue, to be sent by
> another thread. The encryption thread doesn't have control over the
> socket. How can I do this?

        You need to use BIO pairs. There is an example in the OpenSSL
distribution; ssltest.c contains BIO pair code.

        One very important tip on using BIO pairs. You have *4* things to do:

        1) When the application wants to send some data, you have to give the
plaintext to the SSL engine.

        2) When you receive encrypted data from the socket, you need to give it
to the SSL engine.

        3) When the SSL engine wants to send encrypted data, you have to send it
over the socket.

        4) When the SSL engine has plaintext that it has decrypted, you have to
take it from the engine and process it.

        Do not try to simplify this into two things by combining the above.
Think of them as four separate, unrelated things that all need to be done. Do
not assume that receiving encrypted data from the socket will result in
receiving unencrypted data from the SSL engine. It might or might not.

        DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
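
The four jobs listed in the reply, run by hand between two in-memory TLS engines. This is an added example, not part of the original reply and not code from ssltest.c. It uses Python's ssl.MemoryBIO and SSLObject, which wrap OpenSSL memory BIOs, instead of the C BIO pair API. The Engine class, its method names and loopback() are illustrative, and the anonymous cipher suite is an assumption made only so the demo runs without a certificate file (real code loads a certificate and verifies the peer).

```python
import ssl
from contextlib import suppress

class Engine:
    def __init__(self, server_side):
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER if server_side
                             else ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
        # Assumption, demo only: anonymous suite so no certificate file is needed.
        ctx.set_ciphers("AECDH-AES128-SHA:@SECLEVEL=0")
        self.net_in, self.net_out = ssl.MemoryBIO(), ssl.MemoryBIO()
        self.tls = ctx.wrap_bio(self.net_in, self.net_out, server_side=server_side)
        self.outbox = []                      # plaintext the engine has not taken yet

    def _progress(self):
        with suppress(ssl.SSLWantReadError):  # engine may need more ciphertext first
            self.tls.do_handshake()           # returns at once when already complete
            while self.outbox:
                self.tls.write(self.outbox[0])
                self.outbox.pop(0)

    def send_plain(self, data):               # (1) application wants to send
        self.outbox.append(data)
        self._progress()

    def feed_cipher(self, data):              # (2) bytes arrived from the network
        if data:
            self.net_in.write(data)
        self._progress()

    def take_cipher(self):                    # (3) bytes the engine wants sent
        return self.net_out.read()

    def take_plain(self):                     # (4) decrypted data, possibly none
        out = b""
        with suppress(ssl.SSLWantReadError):
            while (chunk := self.tls.read(16384)):
                out += chunk
        return out

def loopback(message):
    client, server = Engine(False), Engine(True)
    client.send_plain(message)                # queued: the handshake has not run yet
    trace = []                                # (ciphertext bytes in, plaintext out)
    while (c2s := client.take_cipher()):      # this loop stands in for queue + socket
        server.feed_cipher(c2s)
        client.feed_cipher(server.take_cipher())
        trace.append((len(c2s), server.take_plain()))
    return b"".join(p for _, p in trace), trace
```

In the trace returned by loopback(), the first passes show ciphertext going into the server engine with no plaintext coming out, because those bytes were handshake records. The plaintext appears only on a later pass.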