Re: [ssl-users] BIO_do_accept()

Fri, 15 May 1998 05:24:42 -0400 


On Thu, 14 May 1998, Dirk Neuwinger wrote:
> i try to make a nonblocking BIO_do_handshake in accept state,
> but it doesn't work. The first call to BIO_do_handshake or 
> BIO_do_accept blocks,although i call BIO_set_nbio(p_s_ctrl->p_out,1).
> What i want is : one nonblocking socket for accept (listen), and
> getting nonblocking connected sockets for the sessions.

I recently went through this stuff because I have been playing with it again
:-).  What I'm describing is correct for 0.9.0 I belive and will definitly be
correct for 0.9.1

The BIO_set_nbio(b,n) call will set things so that the socket accepted is
explicitly set to non-blocking.
BIO_set_nbio_accept(b,n) will set the accept() socket to non-blocking.
Call before the first BIO_do_handshake() call.

Just in case this is not working as advertised in you current version of
SSLeay, BIO_get_fd(bio,&fd) can be used to retrieve the actual socket and you
can set it in your code via BIO_socket_nbio(int fd, int mode).

So what can be done is as follows, given a setup SSL_CTX

        a_bio=BIO_new_accept(host_port); /* can be "*" for any */
        s_bio=BIO_new_ssl(ssl_ctx,0);   /* Server side SSL */

        BIO_set_nbio_accept(a_bio,1);   /* non-blocking accept */
        BIO_set_nbio(a_bio,1);          /* accepted sockets are non-blocking */
        BIO_set_accept_bios(a_bio,ssl_ctx);

        if (BIO_do_handshake(a_bio)) error /* or cound be BIO_do_accept() */

        /* Now we can enter the accept loop */

        i=BIO_do_handshake(a_bio);
        if (i <= 0) /* check non-blocking or error stuff */

        new_bio=BIO_pop(a_bio);

        /* a_bio can now do a new accept, and new_bio is a SSL bio
         * with the just connected socket underneath.
         * new_bio has not finished the SSL protocol yet (or even started it)
         * but BIO_do_handshake(new_bio) can be called returning 1 (sucess),
         * 0 (ssl hanshake failure) or -1 (should retry).
         * The other option is to just start BIO_read/BIO_write which
         * will do the SSL handshake before any data is sent.
         */

Anyway, the above is how it should work :-)

eric



+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/  |
+-------------------------------------------------------------------------+

Reply via email to