阻塞到非阻塞模式更改的OpenSSL的BIO [英] Changing an OpenSSL BIO from blocking to non-blocking mode

问题描述

我有一个多线程应用程序，使大量使用的OpenSSL在C.它设计的想法，所有的SSL连接，预计阻拦。具体来说，阻断BIOS。他们都分配了一个进入端口是这样的：

  SSL = SSL_new（CTX）;
SSL_set_mode（SSL，SSL_MODE_AUTO_RETRY）;
袜子= BIO_new_socket（插座，BIO_CLOSE）;
SSL_set_bio（SSL，袜子，袜子）;
 

事实证明，虽然，也有codeBase类的，其中使用非阻塞的BIOS会是最好的选择了几个小零件。这将在非阻塞的BIOS中受益的小零件不知道哪个SSL连接将属于他们的方式。因此，他们总是收到阻塞BIOS。

的问题是，能阻挡BIOS被改变为非阻塞

我知道， BIO_set_nbio 可以用来制造生物无阻塞但文件说：

  

由于非阻塞I / O是在连接过程中设置的连接建立之前，BIO_set_nbio（）的调用应。

我曾经想过将复制BIO和重建，同时在某种程度上维护所有国家的另一种可能的选择。

解决方案

我做

非阻塞SSL连接在自己的狮子code，但我没有OpenSSL的所有使用BIO功能。

相反，我去了电话
SSL_set_fd（CTX，FD）和 SSL_get_fd（SSL）来处理我自己的fdsets并调用选择。

最大的'疑难杂症'是花了一段时间来跟踪是制定 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 和 SSL_MODE_ENABLE_PARTIAL_WRITE 为它工作我想要的方式。

如果你想读的code的SSL部分，它是在这里：

<一个href=\"http://www.lundman.net/cvs/viewvc.cgi/lundman/lion/src/tls.c?revision=1.10&view=markup\">http://www.lundman.net/cvs/viewvc.cgi/lundman/lion/src/tls.c?revision=1.10&view=markup

I have a multithreaded application that makes heavy use of OpenSSL in C. It is designed with the idea that all of its SSL connections are expected to block. Specifically, blocking BIOs. They are all allocated off a single incoming port like this:

ssl = SSL_new(ctx);
SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
sock = BIO_new_socket(socket, BIO_CLOSE);
SSL_set_bio(ssl, sock, sock);

As it turns out though, there are a few small parts of the codebase where using non-blocking BIOs would be the best choice. The small parts that would benefit from the non-blocking BIOs have no way of knowing which SSL connections will belong to them. Thus, they always receive blocking BIOs.

The question is, can the blocking BIOs be changed to be non-blocking?

I know that BIO_set_nbio can be used to make a BIO non-blocking but the documentation says:

The call to BIO_set_nbio() should be made before the connection is established because non blocking I/O is set during the connect process.

Another possible option I have thought about would be to copy the BIO and recreate it, while somehow maintaining all of the state.

解决方案

I did non-blocking SSL connections in my own "lion" code, but I did not use the BIO functionality in OpenSSL at all.

Rather, I went for the calls SSL_set_fd(ctx, fd ) and SSL_get_fd(ssl) to handle my own fdsets and calling select.

The biggest 'gotcha' that took a while to track down was to set SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER and SSL_MODE_ENABLE_PARTIAL_WRITE for it work the way I wanted.

If you want to read the SSL part of the code, it is here:

http://www.lundman.net/cvs/viewvc.cgi/lundman/lion/src/tls.c?revision=1.10&view=markup

这篇关于阻塞到非阻塞模式更改的OpenSSL的BIO的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！