Greetings,
I am in the process of converting an SMTP/TLS server to use Async IO.
(using IO Completion Ports on Windows)
As such, the previously working style of using SSL_accept, select, and
SSL_read / SSL_write is no longer sufficient.

Now that I am using WSARecv to do the read, my app is notified when a
buffer is filled with (encrypted) data.
Somebody suggested I stuff that data into a BIO buffer and read it out of that.
I attempted to use BIO_read but without success.
I seem to have that half working now, looking roughly like this:
(over-simplified for readability)

// SMTP client requests STARTTLS, server takes these actions:
BIO* m_bioSckt = BIO_new_socket((int)scktUpstream, BIO_NOCLOSE);
SSL* m_ssl = SSL_new(ctx);
SSL_set_accept_state(m_ssl);
SSL_set_bio(m_ssl, m_bioSckt, m_bioSckt);

// Server sends "220 go ahead" to client, and waits for Client/Server
// to negotiate handshake
int nRetCode = SSL_accept(m_ssl);

// This succeeds - client reports: "New, TLSv1/SSLv3, Cipher is
// AES256-SHA, etc..."
// Now client sends command (e.g. "EHLO example.org") which needs to
// be decrypted
BIO* m_bioMem = BIO_new_mem_buf(encryptedData, nEncDataSize);
SSL_set_bio(m_ssl, m_bioMem, NULL);
char decryptedData[4096];
int numBytesRead = SSL_read(m_ssl, decryptedData, sizeof(decryptedData));

// SMTP server processes decryptedData and takes appropriate action -
// e.g. sends a "250 OK" response
// That response needs to be encrypted before it is sent (WSASend)
BIO* bioMem = BIO_new(BIO_f_buffer());
SSL_set_bio(m_ssl, NULL, bioMem);
int numBytesWritten = SSL_write(m_ssl, responseData, nRespDataSize);   // fails
BIO_flush(bioMem);

I am testing using the openssl client:
openssl s_client -starttls smtp -connect localhost:25 -crlf -msg -debug

The SSL_write seems to fail completely. :(
Am I on the right track here?
Is it the optimal way to go about it?
Also surprising (at least to me) is that BIO_new_socket and
BIO_new_mem_buf return the identical address in memory,
which makes me think I am really not understanding how this is supposed to work.

Any pointers are much appreciated.

TIA,
n8
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
