困惑OpenSSL的非阻塞I / O [英] Confused about OpenSSL non-blocking I/O
问题描述
在一般情况下,OpenSSL库(C API)似乎提供了两种方法可以做到一切:您可以使用配置根据自己的喜好平淡系统插槽,也可以使用OpenSSL BIO 这是有点像流对象。
In general, the OpenSSL library (C API) seems to offer two ways to do everything: you can either use plain system sockets configured to your liking, or you can use OpenSSL BIO objects which are sort of like streams.
不过,我经常被一些重复的功能相混淆。例如,你如何让SSL连接无阻塞?一种方法似乎是简单地访问底层文件描述符并将其设置为使用非阻塞的fcntl 。但也有 BIO_set_nbio 称为OpenSSL的API函数,该函数在 BIO * 对象,并将其设置为非阻塞模式。
However, I'm often confused by some of the duplicated functionality. For example, how do you make an SSL connection non-blocking? One way seems to be to simply access the underlying file descriptor and set it to non-blocking using fcntl. But there is also an OpenSSL API function called BIO_set_nbio which takes in a BIO* object and sets it to non-blocking mode.
那么,什么是建立一个非阻塞SSL套接字的最佳方法?如果传递的OpenSSL是的已的通过 fnctl 设置为非阻塞模式的本地文件描述符会发生什么?你还需要专门调用 BIO_set_nbio ,使 BIO 对象非阻塞?
So what is the best way to set up a non-blocking SSL socket? What happens if you pass OpenSSL a native file descriptor which is already set to non-blocking mode via fnctl? Do you still need to specifically call BIO_set_nbio to make the BIO object non-blocking?
推荐答案
我想大多数人preFER的BIO接口,但BIO程序只使用任何本地非阻塞套接字的API可用的平台上。我不知道,如果你混搭会发生什么。
I think most people prefer the BIO interface, but the BIO routines just use whatever native non-blocking socket APIs that are available on the platform. I don't know what happens if you mix and match.
请注意,对于SSL非阻塞I / O是的多的比TCP棘手一般。如果你不明白这要在你将要折磨自己。有书由 John Viega合着并通过另一个埃里克Rescorla 是进入这个,你一定可以阅读OpenSSL的邮件列表,让这个已经引起胃灼热感。显示出一些好的code例子无阻塞SSL编程的OpenSSL包含在软件的 TOR项目,而<一个HREF =http://curl.haxx.se/>卷曲工具。
Note that non-blocking I/O for SSL is much trickier than for TCP in general. If you don't understand this going in you're going to be torturing yourself. There are books by John Viega and another by Eric Rescorla that go into this, and you can certainly read the OpenSSL mailing list to get a sense of the heartburn this has caused. Some good code examples showing non-blocking SSL programming with OpenSSL are contained in the software for the TOR project, and the curl utility.
这篇关于困惑OpenSSL的非阻塞I / O的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
