000025484 - Use SSL-C with non-blocking I/O.

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025484
Applies ToRSA BSAFE SSL-C
IssueUse SSL-C with non-blocking I/O.
Calls to SSL-C functions fail after setting a BIO or socket to be non-blocking.
CauseSSL-C calls return a status indicating whether or not a particular call would block while waiting for I/O.
ResolutionWhen calling SSL-C functions when the underlying socket is set to non-blocking mode, the following methodology must be used.  The following applies to calls to SSL_read, SSL_write, SSL_do_handshake, and other SSL_ functions.  See below for further details on usage with BIO_read, BIO_write, or other BIO_ calls.

   /* Assume that we have an established connection,
    * represented by an SSL structure named ssl. */
   SSL *ssl;
   int ret, error;

   /* The following code will demonstrate the process
    * for a call to SSL_read.  A similar process can be applied
    * to calls to SSL_write or SSL_do_handshake. */
   ret = SSL_read (ssl, buffer, len);

   if (ret <= 0) {
     error = SSL_get_error (ssl, ret);

     switch (error) {
       case SSL_ERROR_WANT_READ:
         /*  A read operation failed.  Call SSL_read again with
             the same arguments once bytes are available on
             the socket. */
         break;

       case SSL_ERROR_WANT_WRITE:
         /* A write operation failed.  When the socket is
            available for writing, call the SSL function again.  
            Generally, SSL_read won't cause this value to be
            thrown, but it is a good idea to check for and deal
            with it if it comes up. */
         break;
   
       case SSL_ERROR_WANT_CONNECT:
         /* If a connect BIO was used, then this will indicate
            that the socket is not yet connected.  Wait until the
            socket is connected before re-calling SSL_read. */
         break;

       case SSL_ERROR_WANT_X509_LOOKUP:
         /* This indicates that the SSL-C library is waiting for the
            lookup of a digital certificate to complete.  Re-call the
            SSL_read function again when this operation has
            completed. */
         break;
     }
   }

 The process described above applies to uses of SSL_ functions.  It is important to note that the function call must be repeated with unchanged arguments to avoid errors.  Buffer pointers or lengths should not be modified between calls.  It is up to the application to determine when such operations should be retried.

 For usage with BIO_write or BIO_read, the following would be used:

   BIO *bio;
   int ret;

   /* The following code will demonstrate the process
    * for a call to SSL_read.  A similar process can be applied
    * to calls to SSL_write or SSL_do_handshake. */
   ret = BIO_read (bio, buffer, len);

   if (ret <= 0) {
     if (BIO_should_retry (bio) == 1) {
       /* This indicates that the operation should be
          retried in the future when data is available to read. */
     }
   }

 Determination of readability or writeability is up to the application.  This can be achieved by using the select or poll system calls on most systems.
Legacy Article IDa2442

Attachments

    Outcomes