Eric Young wrote:
> On Thu, 14 May 1998, Dirk Neuwinger wrote:
> > I try to make a nonblocking BIO_do_handshake in
> > accept state, but it doesn't work. The first call to
> > BIO_do_handshake or BIO_do_accept blocks, although I
> > call BIO_set_nbio(p_s_ctrl->p_out,1). What I want is:
> > one nonblocking socket for accept (listen), and
> > getting nonblocking connected sockets for the
> > sessions.
>
> I recently went through this stuff because I have been
> playing with it again :-). What I'm describing is
> correct for 0.9.0 I believe and will definitely be
> correct for 0.9.1
Probably my problem, that I have 0.9.0.
> The BIO_set_nbio(b,n) call will set things so that the
> socket accepted is explicitly set to non-blocking.
> BIO_set_nbio_accept(b,n) will set the accept() socket
> to non-blocking. Call before the first
> BIO_do_handshake() call.
>
> Just in case this is not working as advertised in your
> current version of SSLeay, BIO_get_fd(bio,&fd) can be
> used to retrieve the actual socket and you can set it
> in your code via BIO_socket_nbio(int fd, int mode).
>
> So what can be done is as follows, given a setup
> SSL_CTX
>
setup SSL_CTX .....
> a_bio=BIO_new_accept(host_port); /* can be "*" for any */
> s_bio=BIO_new_ssl(ssl_ctx,0); /* Server side SSL */
>
> BIO_set_nbio_accept(a_bio,1); /* non-blocking accept */
> BIO_set_nbio(a_bio,1); /* accepted sockets are non-blocking */
> BIO_set_accept_bios(a_bio,ssl_ctx);
>
> if (BIO_do_handshake(a_bio)) error /* or could be BIO_do_accept() */
>
> /* Now we can enter the accept loop */
>
> i=BIO_do_handshake(a_bio);
> if (i <= 0) /* check non-blocking or error stuff */
>
> new_bio=BIO_pop(a_bio);
I'm using SSLeay-0.9.0 on AIX and the stuff above
doesn't work. If I do it like above, I get the state
message: unknown state. If I do it like below, I get the
state message: SSLv2 read client hello B after the first
call of BIO_do_handshake(), but I can't get the fd with
BIO_get_fd() (-1).
I tried many things, but it is impossible for me to get
the right things. OK, what I'm doing is this:
---------------------
p_ssl_ctx=SSL_CTX_new(SSLv2_method());
/* workaround for many bugs */
SSL_CTX_set_options(p_ssl_ctx,SSL_OP_ALL);
/* Lets make a SSL structure */
if (!SSL_CTX_use_certificate_file(p_ssl_ctx,
                                  CERT_FILE,
                                  SSL_FILETYPE_PEM))
    printf("use_cert_file error\n");
else
    printf("use_cert_file OK\n");
if (!SSL_CTX_use_PrivateKey_file(p_ssl_ctx,
                                 CERT_FILE,
                                 SSL_FILETYPE_PEM))
    printf("use_PrivateKey_file error\n");
else
    printf("use_PrivateKey_file OK\n");
p_s_ctrl->p_ssl=SSL_new(p_ssl_ctx);
SSL_set_accept_state(p_s_ctrl->p_ssl);
/* Use it inside an SSL BIO */
p_ssl_bio=BIO_new(BIO_f_ssl());
BIO_set_ssl(p_ssl_bio,p_s_ctrl->p_ssl,BIO_CLOSE);
p_s_ctrl->p_out=BIO_new_accept(host);
BIO_set_nbio(p_s_ctrl->p_out,1);
BIO_set_nbio_accept(p_s_ctrl->p_out,1);
p_s_ctrl->p_out=BIO_push(p_ssl_bio,p_s_ctrl->p_out);
/* do the handshake */
ec = BIO_do_handshake(p_s_ctrl->p_out);
if (ec <= 0)
{
    printf("Waiting in SSL_accept - %s\n",
           SSL_state_string_long(p_s_ctrl->p_ssl));
    ....
    BIO_get_fd(p_s_ctrl->p_out,&fd);
    p_ctrl->port_id = fd;
    printf("socket %d\n",p_ctrl->port_id);
    return(EWOULDBLOCK);
}
OUTPUT:
HOST:[*:4433]
use_cert_file OK
use_PrivateKey_file OK
Waiting in SSL_accept - SSLv2 read client hello B
socket -1
--------------------------
Any hints? I'm really desperate. I have no idea how it
should work.
Dirk
Important: New telephone number, since May 11th.
[EMAIL PROTECTED] | http://www.ikossvan.de
Software Developer, ETA | IKOSS VAN GmbH, Germany
Tel.:+49 (2408) 148 125 | Business Unit Networks
Fax :+49 (2408) 148 204 | Pascalstr.19, 52076 Aachen
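
An added illustration, not part of the thread and not SSLeay code: the two settings discussed above (a non-blocking listening socket, and non-blocking accepted session sockets) at the plain POSIX socket level, on the assumption that setting the descriptor by hand reduces to turning on O_NONBLOCK. The names set_nonblocking, loopback, make_listener, try_accept and demo, and the loopback scenario, are constructed for this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <sys/socket.h>

/* What "set nbio" means for a descriptor: switch on O_NONBLOCK. */
static int set_nonblocking(int fd) {
    int fl = fcntl(fd, F_GETFL, 0);
    return fl < 0 ? -1 : fcntl(fd, F_SETFL, fl | O_NONBLOCK);
}
static struct sockaddr_in loopback(unsigned short port) {
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port) };
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    return a;
}
/* Non-blocking listener on 127.0.0.1; the kernel-chosen port goes to *port. */
static int make_listener(unsigned short *port) {
    struct sockaddr_in a = loopback(0);
    socklen_t len = sizeof a;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0 || bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 4) < 0 ||
        getsockname(fd, (struct sockaddr *)&a, &len) < 0 || set_nonblocking(fd) < 0) {
        if (fd >= 0) close(fd);
        return -1;
    }
    *port = ntohs(a.sin_port);
    return fd;
}
/* One accept attempt: session fd on success, -2 if no client is waiting, -1 on error. */
static int try_accept(int lfd) {
    int fd = accept(lfd, NULL, NULL);
    if (fd < 0) return (errno == EAGAIN || errno == EWOULDBLOCK) ? -2 : -1;
    if (set_nonblocking(fd) < 0) { close(fd); return -1; } /* Linux does not inherit it */
    return fd;
}
/* Constructed scenario; 0 means every step behaved as commented. */
static int demo(void) {
    unsigned short port = 0; struct sockaddr_in a; struct pollfd p; char c;
    int lfd = make_listener(&port), cfd = socket(AF_INET, SOCK_STREAM, 0), sfd;
    if (lfd < 0 || cfd < 0) return 1;
    if (try_accept(lfd) != -2) return 2;            /* no client yet: returns at once */
    a = loopback(port);
    if (connect(cfd, (struct sockaddr *)&a, sizeof a) < 0) return 3;
    p.fd = lfd; p.events = POLLIN;
    if (poll(&p, 1, 2000) != 1 || (sfd = try_accept(lfd)) < 0) return 4;
    if (read(sfd, &c, 1) != -1 || (errno != EAGAIN && errno != EWOULDBLOCK)) return 5;
    close(sfd); close(cfd); close(lfd);
    return 0;                                       /* read on the session did not block */
}
int main(void) { return demo(); }
```

The listener and each accepted session carry separate non-blocking flags, so the listener's setting alone does not make session reads non-blocking.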