RE: SSL overhead

Thu, 17 Apr 2008 00:21:14 -0700 

Hi,

Just a shy question: are you sure you can't do what you want by just
using BIO_new_bio_pair, connect one to SSL and deal with the other one
for networking, like:

    BIO_new_bio_pair(&pInternalBio, 
                           BUF_SIZE, 
                           &pNetworkBio, 
                           BUF_SIZE);
    SSL_set_bio(pSSL, 
                pInternalBio, 
                pInternalBio);

For BUF_SIZE you can choose anything you like, but if it's too small
you'll have to issue more network calls (and thus go into the kernel
more often). I use 16384 because it's the max. TLS record size.
Anyway, "man BIO_new_bio_pair" has a neat picture explaining this
approach.

I am using it to work over a custom network layer that works on Windows
and most flavours of UNIX. On Windows we use IOCP, and on UNIX we use
poll(). Everything works flawlessly - OpenSSL is completely detached
from the networking code, really just a pipe in some respects.

One issue is, that you need another buffer underneath, *unless* you use
the non-copying functions like BIO_nread0/BIO_nread,
BIO_nwrite0/BIO_nwrite, which unfortunately are not officially
supported/documented.

Cheers,
Michael.

> -----Original Message-----
> From: Tomas Neme [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, April 15, 2008 4:24 PM
> To: openssl-users@openssl.org
> Subject: Re: SSL overhead
> 
> OK, I think I'll implement my own BIO. My C is good, although not
> brilliant, but I can do it. What stopped me from trying that approach
> in the first place was that the BIO* functions are sooooo many and
> that I don't know which ones do I actually *need* to reimplement (that
> is, which ones is the engine going to use), but I'll dig into it.
> 
> Thanks
> 
> -- 
> |_|0|_|
> |_|_|0|
> |0|0|0|
> 
> (\__/)
> (='.'=)This is Bunny. Copy and paste bunny
> (")_(") to help him gain world domination.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
> 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to