Re: Is full-duplex socket use possible with OpenSSL?

Fri, 23 Oct 2009 09:16:04 -0700 

> > I advocate that some users would find it useful to be
> able to invoke 
> > SSL_read() and SSL_write() from exactly two threads on
> the same 'SSL *' 
> > simultaneously.  There is merit in this and as
> things stands OpenSSL does 
> > not allow it due to a design choice (aka "design
> limitation").
> 
> You are mistaken. There are no message boundaries, and
> multiple threads
> reading and writing the same SSL session would get random
> fragments of
> the remote data on read, and emit random fragments of data
> on write.
> 
> There is no sensible use-case for concurrent multiple
> thread access
> to an SSL object. All access must be serialized to ensure
> remotely
> reasonable semantics.

Alright, here's a simple use case: I have a large file here, you have a large 
file there.  We'd like to trade them.  We have two independent streams 
available (one from me to you, one from you to me).  A socket, in other words.

We could take turns sending discrete pieces of each file but that's silly and 
slow.

Assuming we can load these gigantic files into memory to make the example 
simpler, we could both do this to write:

char* p = entire_file_buffer;
char* e = p + size_of_file;
while (p!=e) {
  int n = send(sock_fd, p, e-p);
  if (n<0) return ERR;
  p += n;
}

And we both do this to read:

char* p = entire_file_buffer;
char* e = p + size_of_file;
while (p!=e) {
  int n = recv(sock_fd, p, e-p);
  if (n<0) return ERR;
  p += n;
}

It's simple, uses two threads, one socket, and makes the best use of our 
bandwidth.

So I'm hoping it is your misunderstanding actually, that you thought we were 
suggesting two different threads should be able to write the same SSL* at the 
same time, or that two different threads be able to read the same SSL* at the 
same time, which clearly doesn't make sense for a stream-based protocol.  We 
weren't suggesting that.

We were suggesting that it would be really, really nice if the example above 
could have send replaced with SSL_write and recv replaced with SSL_read and it 
would just work.  :)

--jason




______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to