Hi, I replaced the call to SSL_select to this one and it worked !!! Thanks for your help.
int i =0; while(1 == i) { dRetVal = SSL_accept(pSsl); if(!(SSL_ERROR_WANT_READ == SSL_get_error(pSsl,dRetVal))) i=0; } So, this kind of condition should be put for every non-blocking SSL call ? vne wrote: > > You are right that I am making a non-blocking SSL_accept call. > > The problem is on vxWorks when 'select' states that some connection > request is present, SSL_accept returns failure with error code as > SSL_ERROR_WANT_READ. > > But if I add some delay in between this 'select' and 'SSL_accept', then it > returns with successful handshake. > > Moreover, this behavior is not observed on Linux Platform. > > As per documentation, in case of non-blocking socket, should I call > 'select' again to check in the request is still there and then call > SSL_accept again? > Or I am missing something? > > Thanks for replying. > > > > > David Schwartz wrote: >> >> >>> Hi, >>> I am trying to use SSL_accept on vxWorks 5.5 (Pentium). But when the SSL >>> client sends the initial handshake message (Client Hello), >>> then SSL_accept returns failure with error as SSL_ERROR_WANT_READ. >>> >>> The same code works fine when used on Linux platform and >>> handshake completes >>> successfully. >>> >>> On server side, when select returns success, TCP accept is called and >>> finally SSL_accept is called. >>> the following snippet shows the code flow: >>> >>> pSslCtx = SSL_CTX_new(TLSv1_method()); >>> >>> >>> ... >>> SSL_set_accept_state(pSsl); >>> dRetVal = SSL_accept(pSsl); >>> ssl3_accept >>> ssl3_get_client_hello >>> ssl3_get_message >>> ssl3_read_bytes >>> ssl3_get_record >>> ssl3_read_n >>> BIO_read >>> >>> >>> The function SSL_accept internally calls ssl3_get_client_hello, >>> and finally >>> function BIO_read is called to read the Hello message. This >>> function returns >>> failure while reading. >>> >>> If I use a debugger and browse the exection step by step then everything >>> works fine. >>> Also, if I add some delay (by adding sleep(2)) before BIO_read, then >>> also >>> everything works fine. >>> >>> Please suggest what may be the reason for this. Is something missing in >>> initilization part ? >>> or can I make the call of BIO_read blocking ? >> >> What are you trying to do? Are you attempting a blocking SSL_accept or a >> non-blocking one? It sounds like you are correctly doing a non-blocking >> SSL_accept, and OpenSSL is correctly informing you that an accept would >> have >> to block because data OpenSSL needs to read has not arrived yet. >> >> This is documented behavior: >> >> If the underlying BIO is non-blocking, SSL_accept() will also >> return >> when the underlying BIO could not satisfy the needs of >> SSL_accept() >> to >> continue the handshake, indicating the problem by the return >> value -1. >> In this case a call to SSL_get_error() with the return value of >> SSL_accept() will yield SSL_ERROR_WANT_READ or >> SSL_ERROR_WANT_WRITE. >> The calling process then must repeat the call after taking >> appropriate >> action to satisfy the needs of SSL_accept(). The action depends >> on >> the >> underlying BIO. When using a non-blocking socket, nothing is to be >> done, but select() can be used to check for the required >> condition. >> When using a buffering BIO, like a BIO pair, data must be written >> into >> or retrieved out of the BIO before being able to continue. >> >> DS >> >> >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List openssl-users@openssl.org >> Automated List Manager [EMAIL PROTECTED] >> >> > > -- View this message in context: http://www.nabble.com/Problem-in-using-SSL_accept-on-vxWorks-5.5-%28Pentium%29-tp19454074p19456730.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]