[gnutls-dev] Re: SSL_connect and non-blocking i/o

Simon Josefsson jas at extundo.com
Thu Jul 13 14:15:42 CEST 2006


Emile van Bergen <emile-gnutls at e-advies.nl> writes:

> Hi,
>
> On Thu, Jul 13, 2006 at 12:53:00AM +0000, Jefferson Ogata wrote:
>
>> In libextra/gnutls_openssl.c, we have:
>> 
>> int
>> SSL_connect (SSL * ssl)
>> {
>> ...
>>   err = gnutls_handshake (ssl->gnutls_state);
>> 
>> Meanwhile, the gnutls_handshake() docs indicate that gnutls_handshake()
>> should be called repeatedly until err == 0 or gnutls_error_is_fatal(err)
>> is true.
>> 
>> So I'm debugging an application that uses the gnutls/OpenSSL
>> compatibility and is using a non-blocking socket for the underlying
>> transport; it returns from SSL_connect() without completing a handshake.
>> I tweak gnutls libextra/gnutls_openssl.c as follows and that fixes my
>> problem:
>> 
>> -    err = gnutls_handshake(ssl->gnutls_state);
>> +    do
>> +    {
>> +       err = gnutls_handshake(ssl->gnutls_state);
>> +    } while (err < 0 && !gnutls_error_is_fatal (err));
>> 
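Review bot: the do/while added around gnutls_handshake() retries immediately whenever err is negative and not fatal, and nothing in the loop body waits for the transport, so on the non-blocking socket described above it spins until the peer's data arrives. Either return the non-fatal error from SSL_connect() so the caller can wait and call again, or wait for the socket to become ready inside the loop before the next gnutls_handshake() call.
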
>> I can't be the only person who has run into this, can I?
>
> The idea is that you only repeat the call, but wait first till you
> estimate it can now do a bit more, eg. because select has indicated data
> has become available in the socket.
>
> Simply adding a loop would seem to create a busy wait for data to
> appear, and that can't be good.

I thought that the SSL_connect API in OpenSSL was supposed to block,
but the man page reads:

       If the underlying BIO is blocking, SSL_connect() will only return once
       the handshake has been finished or an error occurred.

       If the underlying BIO is non-blocking, SSL_connect() will also return
       when the underlying BIO could not satisfy the needs of SSL_connect() to
       continue the handshake, indicating the problem by the return value -1.

So I have reverted the patch.  Sorry for the trigger happy commit.

/Simon
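
The wait-then-retry pattern discussed in this thread, as an added example that is not part of the original messages or of GnuTLS. `step()` is a hypothetical stand-in for `gnutls_handshake()` on a non-blocking descriptor; `drive()`, `demo()`, the status codes and the pipe used as a transport are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <sys/wait.h>
#include <unistd.h>
enum { STEP_FATAL = -1, STEP_AGAIN = -2 }; /* STEP_AGAIN: non-fatal, no data yet */
struct peer { int fd, need, got, calls; }; /* hypothetical session state */

/* Stand-in for gnutls_handshake(): consume bytes until 'need' have arrived. */
static int step(struct peer *p) {
    p->calls++;
    while (p->got < p->need) {
        char c; ssize_t n = read(p->fd, &c, 1);
        if (n == 1) p->got++;
        else if (n < 0 && errno == EAGAIN) return STEP_AGAIN;
        else if (n == 0 || errno != EINTR) return STEP_FATAL; /* EOF or error */
    }
    return 0;
}

/* Retry step() only after poll() reports data; silence ends in STEP_AGAIN. */
static int drive(struct peer *p, int timeout_ms) {
    for (;;) {
        int err = step(p);
        if (err != STEP_AGAIN) return err;
        struct pollfd pfd = { .fd = p->fd, .events = POLLIN };
        int r = poll(&pfd, 1, timeout_ms);
        if (r == 0) return STEP_AGAIN;             /* timed out, no busy wait */
        if (r < 0 && errno != EINTR) return STEP_FATAL;
    }
}

/* Constructed demo on a pipe: 'now' bytes queued at once, 'late' bytes 20 ms later. */
static int demo(int now, int late, struct peer *p) {
    int fds[2]; pid_t pid = -1;
    if (pipe(fds) != 0 || fcntl(fds[0], F_SETFL, O_NONBLOCK) != 0) return STEP_FATAL;
    if (now > 0 && write(fds[1], "xxxxxxxx", (size_t)now) != now) return STEP_FATAL;
    if (late > 0 && (pid = fork()) == 0) {         /* child plays the slow peer */
        poll(NULL, 0, 20);                         /* sleep 20 ms */
        _exit(write(fds[1], "xxxxxxxx", (size_t)late) == late ? 0 : 1);
    }
    p->fd = fds[0];
    int err = drive(p, 500);
    if (pid > 0) waitpid(pid, NULL, 0);
    close(fds[0]); close(fds[1]);
    return err;
}
int main(void) { struct peer p = { .need = 3 }; return demo(1, 2, &p); }
```

The `calls` counter shows the difference from an unconditional retry loop: the step function runs once per readiness event rather than continuously while the peer is silent.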


