You are right that I am making a non-blocking SSL_accept call. The problem is on vxWorks when 'select' states that some connection request is present, SSL_accept returns failure with error code as SSL_ERROR_WANT_READ.
But if I add some delay in between this 'select' and 'SSL_accept', then it returns with successful handshake. Moreover, this behavior is not observed on Linux Platform. As per documentation, in case of non-blocking socket, should I call 'select' again to check in the request is still there and then call SSL_accept again? Or I am missing something? Thanks for replying. David Schwartz wrote: > > >> Hi, >> I am trying to use SSL_accept on vxWorks 5.5 (Pentium). But when the SSL >> client sends the initial handshake message (Client Hello), >> then SSL_accept returns failure with error as SSL_ERROR_WANT_READ. >> >> The same code works fine when used on Linux platform and >> handshake completes >> successfully. >> >> On server side, when select returns success, TCP accept is called and >> finally SSL_accept is called. >> the following snippet shows the code flow: >> >> pSslCtx = SSL_CTX_new(TLSv1_method()); >> >> >> ... >> SSL_set_accept_state(pSsl); >> dRetVal = SSL_accept(pSsl); >> ssl3_accept >> ssl3_get_client_hello >> ssl3_get_message >> ssl3_read_bytes >> ssl3_get_record >> ssl3_read_n >> BIO_read >> >> >> The function SSL_accept internally calls ssl3_get_client_hello, >> and finally >> function BIO_read is called to read the Hello message. This >> function returns >> failure while reading. >> >> If I use a debugger and browse the exection step by step then everything >> works fine. >> Also, if I add some delay (by adding sleep(2)) before BIO_read, then also >> everything works fine. >> >> Please suggest what may be the reason for this. Is something missing in >> initilization part ? >> or can I make the call of BIO_read blocking ? > > What are you trying to do? Are you attempting a blocking SSL_accept or a > non-blocking one? It sounds like you are correctly doing a non-blocking > SSL_accept, and OpenSSL is correctly informing you that an accept would > have > to block because data OpenSSL needs to read has not arrived yet. > > This is documented behavior: > > If the underlying BIO is non-blocking, SSL_accept() will also > return > when the underlying BIO could not satisfy the needs of SSL_accept() > to > continue the handshake, indicating the problem by the return > value -1. > In this case a call to SSL_get_error() with the return value of > SSL_accept() will yield SSL_ERROR_WANT_READ or > SSL_ERROR_WANT_WRITE. > The calling process then must repeat the call after taking > appropriate > action to satisfy the needs of SSL_accept(). The action depends on > the > underlying BIO. When using a non-blocking socket, nothing is to be > done, but select() can be used to check for the required condition. > When using a buffering BIO, like a BIO pair, data must be written > into > or retrieved out of the BIO before being able to continue. > > DS > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > > -- View this message in context: http://www.nabble.com/Problem-in-using-SSL_accept-on-vxWorks-5.5-%28Pentium%29-tp19454074p19455751.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]