Hi,
I replaced the call to SSL_select to this one and it worked !!! Thanks for
your help.
int i =0;
while(1 == i)
{
dRetVal = SSL_accept(pSsl);
if(!(SSL_ERROR_WANT_READ == SSL_get_error(pSsl,dRetVal)))
i=0;
}
So, this kind of condition should be put for every non-blocking SSL call ?
vne wrote:
>
> You are right that I am making a non-blocking SSL_accept call.
>
> The problem is on vxWorks when 'select' states that some connection
> request is present, SSL_accept returns failure with error code as
> SSL_ERROR_WANT_READ.
>
> But if I add some delay in between this 'select' and 'SSL_accept', then it
> returns with successful handshake.
>
> Moreover, this behavior is not observed on Linux Platform.
>
> As per documentation, in case of non-blocking socket, should I call
> 'select' again to check in the request is still there and then call
> SSL_accept again?
> Or I am missing something?
>
> Thanks for replying.
>
>
>
>
> David Schwartz wrote:
>>
>>
>>> Hi,
>>> I am trying to use SSL_accept on vxWorks 5.5 (Pentium). But when the SSL
>>> client sends the initial handshake message (Client Hello),
>>> then SSL_accept returns failure with error as SSL_ERROR_WANT_READ.
>>>
>>> The same code works fine when used on Linux platform and
>>> handshake completes
>>> successfully.
>>>
>>> On server side, when select returns success, TCP accept is called and
>>> finally SSL_accept is called.
>>> the following snippet shows the code flow:
>>>
>>> pSslCtx = SSL_CTX_new(TLSv1_method());
>>>
>>>
>>> ...
>>> SSL_set_accept_state(pSsl);
>>> dRetVal = SSL_accept(pSsl);
>>> ssl3_accept
>>> ssl3_get_client_hello
>>> ssl3_get_message
>>> ssl3_read_bytes
>>> ssl3_get_record
>>> ssl3_read_n
>>> BIO_read
>>>
>>>
>>> The function SSL_accept internally calls ssl3_get_client_hello,
>>> and finally
>>> function BIO_read is called to read the Hello message. This
>>> function returns
>>> failure while reading.
>>>
>>> If I use a debugger and browse the exection step by step then everything
>>> works fine.
>>> Also, if I add some delay (by adding sleep(2)) before BIO_read, then
>>> also
>>> everything works fine.
>>>
>>> Please suggest what may be the reason for this. Is something missing in
>>> initilization part ?
>>> or can I make the call of BIO_read blocking ?
>>
>> What are you trying to do? Are you attempting a blocking SSL_accept or a
>> non-blocking one? It sounds like you are correctly doing a non-blocking
>> SSL_accept, and OpenSSL is correctly informing you that an accept would
>> have
>> to block because data OpenSSL needs to read has not arrived yet.
>>
>> This is documented behavior:
>>
>> If the underlying BIO is non-blocking, SSL_accept() will also
>> return
>> when the underlying BIO could not satisfy the needs of
>> SSL_accept()
>> to
>> continue the handshake, indicating the problem by the return
>> value -1.
>> In this case a call to SSL_get_error() with the return value of
>> SSL_accept() will yield SSL_ERROR_WANT_READ or
>> SSL_ERROR_WANT_WRITE.
>> The calling process then must repeat the call after taking
>> appropriate
>> action to satisfy the needs of SSL_accept(). The action depends
>> on
>> the
>> underlying BIO. When using a non-blocking socket, nothing is to be
>> done, but select() can be used to check for the required
>> condition.
>> When using a buffering BIO, like a BIO pair, data must be written
>> into
>> or retrieved out of the BIO before being able to continue.
>>
>> DS
>>
>>
>> ______________________________________________________________________
>> OpenSSL Project http://www.openssl.org
>> User Support Mailing List [email protected]
>> Automated List Manager [EMAIL PROTECTED]
>>
>>
>
>
--
View this message in context:
http://www.nabble.com/Problem-in-using-SSL_accept-on-vxWorks-5.5-%28Pentium%29-tp19454074p19456730.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
