In general, the OpenSSL library (C API) seems to offer two ways to do everything: you can either use plain system sockets configured to your liking, or you can use OpenSSL BIO objects which are sort of like streams.
通常,OpenSSL库(C API)似乎提供了两种方法来执行所有操作:您可以使用根据自己的喜好配置的普通系统套接字,也可以使用类似于流的OpenSSL BIO对象。
However, I'm often confused by some of the duplicated functionality. For example, how do you make an SSL connection non-blocking? One way seems to be to simply access the underlying file descriptor and set it to non-blocking using fcntl. But there is also an OpenSSL API function called BIO_set_nbio which takes in a BIO* object and sets it to non-blocking mode.
但是,我经常对一些重复的功能感到困惑。例如,如何使SSL连接无阻塞?一种方法似乎是简单地访问底层文件描述符并使用fcntl将其设置为非阻塞。但是还有一个名为BIO_set_nbio的OpenSSL API函数,它接收一个BIO *对象并将其设置为非阻塞模式。
So what is the best way to set up a non-blocking SSL socket? What happens if you pass OpenSSL a native file descriptor which is already set to non-blocking mode via fnctl? Do you still need to specifically call BIO_set_nbio to make the BIO object non-blocking?
那么设置非阻塞SSL套接字的最佳方法是什么?如果您将OpenSSL传递给已通过fnctl设置为非阻塞模式的本机文件描述符会发生什么?你还需要专门调用BIO_set_nbio来使BIO对象无阻塞吗?
1 个解决方案
#1
8
I think most people prefer the BIO interface, but the BIO routines just use whatever native non-blocking socket APIs that are available on the platform. I don't know what happens if you mix and match.
我认为大多数人更喜欢BIO接口,但BIO例程只使用平台上可用的任何本机非阻塞套接字API。我不知道如果混合搭配会发生什么。
Note that non-blocking I/O for SSL is much trickier than for TCP in general. If you don't understand this going in you're going to be torturing yourself. There are books by John Viega and another by Eric Rescorla that go into this, and you can certainly read the OpenSSL mailing list to get a sense of the heartburn this has caused. Some good code examples showing non-blocking SSL programming with OpenSSL are contained in the software for the TOR project, and the curl utility.
请注意,SSL的非阻塞I / O通常比TCP更复杂。如果你不理解这种情况你将会折磨自己。 John Viega和Eric Rescorla的书籍都有这本书,你可以阅读OpenSSL邮件列表,以了解这引起的胃灼热感。一些很好的代码示例显示了使用OpenSSL的非阻塞SSL编程,包含在TOR项目的软件和curl实用程序中。
#1
8
I think most people prefer the BIO interface, but the BIO routines just use whatever native non-blocking socket APIs that are available on the platform. I don't know what happens if you mix and match.
我认为大多数人更喜欢BIO接口,但BIO例程只使用平台上可用的任何本机非阻塞套接字API。我不知道如果混合搭配会发生什么。
Note that non-blocking I/O for SSL is much trickier than for TCP in general. If you don't understand this going in you're going to be torturing yourself. There are books by John Viega and another by Eric Rescorla that go into this, and you can certainly read the OpenSSL mailing list to get a sense of the heartburn this has caused. Some good code examples showing non-blocking SSL programming with OpenSSL are contained in the software for the TOR project, and the curl utility.
请注意,SSL的非阻塞I / O通常比TCP更复杂。如果你不理解这种情况你将会折磨自己。 John Viega和Eric Rescorla的书籍都有这本书,你可以阅读OpenSSL邮件列表,以了解这引起的胃灼热感。一些很好的代码示例显示了使用OpenSSL的非阻塞SSL编程,包含在TOR项目的软件和curl实用程序中。