non-blocking openssl BIO type

Mike Mangelsdorf

Feb 28, 2014, 7:03:07 PM
to li...@googlegroups.com
I am using openssl to implement a tls server with libuv. There is a lot of dated information on the web on how to do non-blocking openssl, but a reasonable approach seems to be:


This document recommends creating a non-blocking socket BIO like so: sbio = BIO_new_socket( socket, BIO_NOCLOSE); and then use asynchronous SSL_read and SSL_write. Is this the right BIO type to use though, as it would presumably involve a private socket fd from libuv?


Fedor Indutny

Feb 28, 2014, 7:13:44 PM
to li...@googlegroups.com
Mike,

You could try using my TLS terminator as a base for your server:
http://github.com/indutny/bud . It is written on top of libuv,
though it does not use asynchronous BIOs (in fact it uses my custom
BIO).

Cheers,
Fedor.

Mike Mangelsdorf

Mar 1, 2014, 4:54:23 AM
to li...@googlegroups.com, fe...@indutny.com
Thank you Fedor,

I had looked at bud before and it's been helpful already!

For anyone trying to get to grips with non-blocking use of openssl, I also found this post/thread helpful; it cleared up basic misconceptions I had:


Probably a topic of ongoing interest, so feel free to reply with interesting links here...

Kind Regards,
Michael

Mike Mangelsdorf

Mar 1, 2014, 9:13:51 AM
to li...@googlegroups.com, fe...@indutny.com
Reading up on this some more, rather than socket BIO with SSL_read/write, I will prototype a "BIO pair" approach, so that libuv doesn't have to share the socket. The application shares encode/decode data with openssl across an asynchronous "BIO pair" (buffer).

Mike Mangelsdorf

Mar 2, 2014, 9:48:56 AM
to li...@googlegroups.com
Hopefully this is helpful for people coming across this thread, as some information on the web explicitly states that openssl doesn't have notification callbacks, which may have put you on a wrong track.


SSL_CTX_set_info_callback() sets the callback function, that can be used to obtain state information for SSL objects created from ctx during connection setup and use.
The where argument specifies information about where (in which context) the callback function was called. 

(Can be SSL_CB_READ/WRITE, which sounds promising.)
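
The socket-free arrangement discussed in this thread, where the application carries ciphertext between its own I/O and OpenSSL through in-memory buffers, shown as an added example that is not part of any post. It uses Python's ssl module, whose MemoryBIO wraps OpenSSL's memory BIO, rather than the C BIO pair API named above; the host name and the sample inputs are constructed.

```python
import ssl

# Constructed sample input: bytes that are not a TLS record at all.
NOT_TLS = b"HTTP/1.1 400 Bad Request\r\n\r\n"


def make_client():
    """TLS engine with no socket: two memory BIOs carry the ciphertext."""
    ctx = ssl.create_default_context()
    incoming = ssl.MemoryBIO()  # ciphertext read from the network, fed to OpenSSL
    outgoing = ssl.MemoryBIO()  # ciphertext produced by OpenSSL, to be written out
    # "example.test" is a constructed host name; nothing is resolved or connected.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="example.test")
    return tls, incoming, outgoing


def step(tls, incoming, outgoing, received=b""):
    """One event-loop turn.

    Feeds whatever the read callback delivered, advances the handshake, and
    returns (state, data) where data is what the loop must write to the socket.
    """
    if received:
        incoming.write(received)
    try:
        tls.do_handshake()
        state = "done"
    except ssl.SSLWantReadError:
        # The equivalent of SSL_ERROR_WANT_READ: not a failure, the engine
        # simply needs more bytes from the peer before it can continue.
        state = "want_read"
    except ssl.SSLError:
        # Real protocol failure (also certificate verification errors):
        # flush any pending alert, then close the connection.
        state = "error"
    return state, outgoing.read()


if __name__ == "__main__":
    tls, incoming, outgoing = make_client()
    state, data = step(tls, incoming, outgoing)
    print(state, len(data), "bytes to send; record type", hex(data[0]))
    print(step(tls, incoming, outgoing, b"\x16\x03\x03"))  # partial record header
    print(step(tls, incoming, outgoing, NOT_TLS)[0])
```

The event loop owns the socket throughout: it only calls `step` from its read callback and writes the returned bytes itself, so the TLS engine never sees a file descriptor.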

