Does anyone have any comments on this? Is OpenSSL an appropriate choice for my case? // Harshvir
On Mon, May 23, 2011 at 3:59 AM, Harshvir Sidhu <hvssi...@gmail.com> wrote:

> David,
> So are you suggesting that I change the approach in my code? My application is for Windows and in Managed C++. In that I am using a callback function for receive; when the callback function is called, and I call SSL_read in it, it hangs at the recv call in the OpenSSL code. My assumption is that the data was already read from the socket when the callback was called. Another thing I would like to mention is that I am using the Sockets managed class, not the native sockets.
>
> // Harshvir
>
> On Sun, May 22, 2011 at 10:06 PM, David Schwartz <dav...@webmaster.com> wrote:
>
>> On 5/22/2011 5:10 PM, Harshvir Sidhu wrote:
>>
>>> Previously I have used SSL_XXX functions for performing SSL operations. Now I am working on an application which is written in Managed C++ using callback functions (BeginReceive and EndReceive), and the SSL_Read function is not working for that. So I tried using BIO_ functions to create a BIO pair for an internal and a network BIO and then using them to encrypt/decrypt data before sending using a normal socket, but when I try to use that my handshake is not getting completed. I do not see any error on s_server, but it doesn't seem to work when I try to enter something on the server side; my callback doesn't get called.
>>> Can someone point me to some example code for this in which a BIO is used to encrypt and decrypt data and then normal sockets are used for send/receive? I am not able to find anything in the openssl source examples or on Google.
>>
>> You are thinking about the problem wrong. You are thinking "I need to send some data. So I send it to OpenSSL. OpenSSL encrypts it, so then I need to get that encrypted data from OpenSSL and write it to the socket. Then, the other end will reply, so I need to read some encrypted data from the socket, give it to OpenSSL, and then OpenSSL will decrypt it and give it to me."
>>
>> This attempt to "look through" the OpenSSL engine will produce broken code and pain.
>>
>> Instead, treat the OpenSSL engine as a black box whose internals are wholly unknown to you. If you receive some data from the socket, give it to OpenSSL. If OpenSSL wants to send some data on the socket, send it. If you want to send some data to the other side, give it to OpenSSL. If OpenSSL has some plaintext for you, take it and process it. But make no assumptions about the sequence or interactions between these things.
>>
>> For example, a typical mistake is to wait for data to be received on the socket before calling SSL_Read. This is completely broken behavior. Data received on the socket is encrypted. Data received from SSL_Read is decrypted. These are two distinct streams that, as far as your application should be concerned, are totally unrelated. (Except when SSL_Read specifically returns a WANT_READ, of course, and then only until some other event invalidates the WANT_READ indication.)
>>
>> DS
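The "black box" model David describes, written out as an added example (not code from the thread): Python's `ssl.MemoryBIO` and `SSLObject` are a thin wrapper over the same OpenSSL memory-BIO pair that `SSL_set_bio` takes in C, so the pump below is the pattern a callback-driven socket needs. The receive callback hands ciphertext to the engine and then asks it for progress; a want-read is not an error but "call me again when more bytes arrive", and whatever the engine queues for the wire is drained and sent regardless of which direction triggered it. The context settings and the `TlsPump` name are assumptions for this offline demo.

```python
import ssl


def make_client_context() -> ssl.SSLContext:
    # Assumed demo settings, not the thread's code: verification is off only
    # because this offline example never reaches a real server.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


class TlsPump:
    """Drive the TLS engine through two memory BIOs (Python's wrapper around an
    OpenSSL BIO pair); the socket is only a byte pipe on either side."""

    def __init__(self, ctx, server_hostname):
        self.incoming = ssl.MemoryBIO()   # ciphertext: network -> engine
        self.outgoing = ssl.MemoryBIO()   # ciphertext: engine -> network
        self.tls = ctx.wrap_bio(self.incoming, self.outgoing,
                                server_side=False, server_hostname=server_hostname)
        self.handshake_done = False

    def pump(self) -> list:
        """Ask the engine for progress without waiting on the socket first;
        SSLWantReadError just means 'feed me more ciphertext when it arrives'."""
        plaintext = []
        try:
            if not self.handshake_done:
                self.tls.do_handshake()
                self.handshake_done = True
            while True:
                chunk = self.tls.read(4096)
                if not chunk:           # b'' means the peer sent close_notify
                    break
                plaintext.append(chunk)
        except ssl.SSLWantReadError:
            pass
        return plaintext

    def on_socket_data(self, data: bytes) -> list:
        """Receive callback: hand ciphertext to the engine, then pump."""
        self.incoming.write(data)
        return self.pump()

    def bytes_for_wire(self) -> bytes:
        """Drain what the engine queued for the wire; the caller send()s it."""
        return self.outgoing.read()

    def send_plaintext(self, data: bytes) -> int:
        """Application data in; any ciphertext produced lands in `outgoing`."""
        return self.tls.write(data)
```

Calling `pump()` once before any socket data has arrived already yields a ClientHello in `outgoing`, which is exactly why waiting on `recv` before touching the engine deadlocks: the engine was waiting for you to send first.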