How to handle OpenSSL SSL_ERROR_WANT_READ / WANT_WRITE on non-blocking sockets

Problem description

The OpenSSL library allows reading from an underlying socket with SSL_read and writing to it with SSL_write. These functions may return with SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE depending on their ssl protocol needs (for example when renegotiating a connection).

I don't really understand what the API wants me to do with these results.

Imagine a server app that accepts client connections, sets up a new ssl session, makes the underlying socket non-blocking and then adds the file descriptor to a select/poll/epoll loop.

If a client sends data, the main loop will dispatch this to a ssl_read. What has to be done here if SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE is returned? WANT_READ might be easy, because the next main loop iteration could just lead to another ssl_read. But if the ssl_read returns WANT_WRITE, with what parameters should it be called? And why doesn't the library issue the call itself?

If the server wants to send a client some data, it will use ssl_write. Again, what is to be done if WANT_READ or WANT_WRITE are returned? Can the WANT_WRITE be answered by repeating the very same call that just was invoked? And if WANT_READ is returned, should one return to the main loop and let the select/poll/epoll take care of this? But what about the message that should be written in the first place?

Or should the read be done right after the failed write? Then, what protects against reading bytes from the application protocol and then having to deal with it somewhere in the outskirts of the app, when the real parser sits in the mainloop?

Recommended answer

With non-blocking sockets, SSL_WANT_READ means "wait for the socket to be readable, then call this function again."; conversely, SSL_WANT_WRITE means "wait for the socket to be writeable, then call this function again.". You can get either SSL_WANT_WRITE or SSL_WANT_READ from either an SSL_read() or an SSL_write() call.
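
The bookkeeping this rule implies for a select/poll/epoll loop, as an added example that is not part of the original answer or of OpenSSL: park the stalled call with its arguments, ask the loop for the readiness it named, and repeat that same call when the event arrives. All names here (`conn_run`, `conn_on_ready`, `tls_op_fn`, `scripted_op`) are assumptions; in a real server the callback would wrap `SSL_read()`/`SSL_write()` and map `SSL_get_error()` to `io_result`.

```c
#include <poll.h>
#include <stddef.h>

typedef enum { OP_NONE, OP_READ, OP_WRITE } op_kind;
typedef enum { IO_DONE, IO_WANT_READ, IO_WANT_WRITE, IO_FATAL } io_result;

/* Assumed wrapper type: a real one calls SSL_read()/SSL_write() and maps
 * SSL_get_error() to io_result. */
typedef io_result (*tls_op_fn)(void *ctx, op_kind op, void *buf, size_t len);

struct conn {
    op_kind pending;  /* stalled call that must be repeated, or OP_NONE */
    void *buf;        /* the stalled call's own arguments */
    size_t len;
    short events;     /* readiness to request from poll() */
};

/* Issue op; returns 1 when it completed, 0 when parked, -1 on fatal error. */
int conn_run(struct conn *c, tls_op_fn fn, void *ctx, op_kind op, void *buf, size_t len)
{
    io_result r = fn(ctx, op, buf, len);
    if (r == IO_DONE) { c->pending = OP_NONE; c->events = POLLIN; return 1; }
    if (r == IO_FATAL) return -1;
    c->pending = op; c->buf = buf; c->len = len;   /* remember what to repeat */
    c->events = (r == IO_WANT_READ) ? POLLIN : POLLOUT;
    return 0;
}

/* Event-loop callback: repeats a parked call only on the event it asked for.
 * Returns 0 when nothing was resumed; otherwise conn_run()'s result. */
int conn_on_ready(struct conn *c, tls_op_fn fn, void *ctx, short revents)
{
    if (c->pending == OP_NONE || !(revents & c->events)) return 0;
    return conn_run(c, fn, ctx, c->pending, c->buf, c->len);
}

/* Constructed stand-in for the TLS layer: replays a fixed script of results. */
struct script { const io_result *steps; int pos; op_kind last_op; void *last_buf; };

io_result scripted_op(void *ctx, op_kind op, void *buf, size_t len)
{
    struct script *s = ctx;
    (void)len;
    s->last_op = op; s->last_buf = buf;
    return s->steps[s->pos++];
}
```

A write that stalls with "want read" is therefore resumed as a write when the socket becomes readable, so the outgoing message is not lost and no application bytes are read outside the main loop's parser.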
