[gnutls-dev] Re: SSL_connect and non-blocking i/o
Simon Josefsson
jas at extundo.com
Thu Jul 13 14:15:42 CEST 2006
Emile van Bergen <emile-gnutls at e-advies.nl> writes:
> Hi,
>
> On Thu, Jul 13, 2006 at 12:53:00AM +0000, Jefferson Ogata wrote:
>
>> In libextra/gnutls_openssl.c, we have:
>>
>> int
>> SSL_connect (SSL * ssl)
>> {
>> ...
>> err = gnutls_handshake (ssl->gnutls_state);
>>
>> Meanwhile, the gnutls_handshake() docs indicate that gnutls_handshake()
>> should be called repeatedly until err == 0 or gnutls_error_is_fatal(err)
>> is true.
>>
>> So I'm debugging an application that uses the gnutls/OpenSSL
>> compatibility and is using a non-blocking socket for the underlying
>> transport; it returns from SSL_connect() without completing a handshake.
>> I tweak gnutls libextra/gnutls_openssl.c as follows and that fixes my
>> problem:
>>
>> - err = gnutls_handshake(ssl->gnutls_state);
>> + do
>> + {
>> + err = gnutls_handshake(ssl->gnutls_state);
>> + } while (err < 0 && !gnutls_error_is_fatal (err));
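Review bot: The condition on the last added line, while (err < 0 && !gnutls_error_is_fatal (err)), retries gnutls_handshake() immediately with nothing that waits on the socket, so on the non-blocking transport described above it spins until the peer's data arrives. Either return the non-fatal error to the caller so it can retry once the socket is ready, or wait for readiness (select/poll) inside the loop before calling gnutls_handshake() again.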
>>
>> I can't be the only person who has run into this, can I?
>
> The idea is that you only repeat the call, but wait first till you
> estimate it can now do a bit more, e.g. because select has indicated data
> has become available in the socket.
>
> Simply adding a loop would seem to create a busy wait for data to
> appear, and that can't be good.

I thought that the SSL_connect API in OpenSSL was supposed to block,
but the man page reads:

    If the underlying BIO is blocking, SSL_connect() will only return once
    the handshake has been finished or an error occurred.

    If the underlying BIO is non-blocking, SSL_connect() will also return
    when the underlying BIO could not satisfy the needs of SSL_connect() to
    continue the handshake, indicating the problem by the return value -1.

So I have reverted the patch. Sorry for the trigger happy commit.

/Simon
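
The approach discussed in this thread (retry the handshake call only once the socket is reported ready, rather than looping on it), as an added example that is not code from the thread or from GnuTLS. The HS_* codes, hs_step_fn, handshake_wait, toy_step and demo are hypothetical names, and the toy step over a socketpair is a constructed stand-in for a real handshake call.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed result codes standing in for a TLS library's return values. */
enum { HS_DONE = 0, HS_AGAIN = -1, HS_FATAL = -2, HS_TIMEOUT = -3 };

/* One handshake attempt; sets *want_write to the direction it is blocked on.
   With GnuTLS: gnutls_handshake() plus gnutls_record_get_direction(). */
typedef int (*hs_step_fn)(void *ctx, int *want_write);

/* Retry step() only after poll() says the fd is ready; *calls counts attempts. */
int handshake_wait(int fd, hs_step_fn step, void *ctx, int timeout_ms, int *calls)
{
    for (;;) {
        int want_write = 0, rc = step(ctx, &want_write);
        ++*calls;
        if (rc != HS_AGAIN) return rc;
        struct pollfd p = { .fd = fd, .events = want_write ? POLLOUT : POLLIN };
        int n = poll(&p, 1, timeout_ms);
        if (n == 0) return HS_TIMEOUT;               /* peer went silent */
        if (n < 0 && errno != EINTR) return HS_FATAL;
    }
}

/* Toy step (hypothetical): consumes one byte per call, done after `need`. */
struct toy { int fd; int need; };
static int toy_step(void *ctx, int *want_write)
{
    struct toy *t = ctx;
    char b; *want_write = 0;
    ssize_t r = read(t->fd, &b, 1);
    if (r <= 0) return (r < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) ? HS_AGAIN : HS_FATAL;
    return --t->need > 0 ? HS_AGAIN : HS_DONE;
}

/* Constructed demo: peer sends `sent` of the 2 bytes the toy handshake needs. */
int demo(int sent, int *calls)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return HS_FATAL;
    fcntl(sv[0], F_SETFL, fcntl(sv[0], F_GETFL) | O_NONBLOCK);
    if (sent > 0 && write(sv[1], "ab", sent) != sent) return HS_FATAL;
    struct toy t = { sv[0], 2 }; *calls = 0;
    int rc = handshake_wait(sv[0], toy_step, &t, 100, calls);
    close(sv[0]); close(sv[1]);
    return rc;
}
```

When the peer stalls, the step function runs once and the caller sleeps in poll() until the timeout, where the do/while loop from the quoted patch would keep calling it.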