Reputation: 141
I have a short period of time to send and read my messages.
If I use SSL_pending, can I be sure a call does not block?
From: https://www.openssl.org/docs/ssl/SSL_pending.html "Data are received in blocks from the peer. Therefore data can be buffered inside ssl and are ready for immediate retrieval with SSL_read."
So if the server responded to my request with a response, will SSL_pending only give me the whole TLS record or not? So I can then be sure that I read the whole message at once?
And if the server only replies with one TLS block this is never a problem then?
"SSL_pending() takes into account only bytes from the TLS/SSL record that is currently being processed (if any). If the SSL object's read_ahead flag is set (see SSL_CTX_set_read_ahead), additional protocol bytes may have been read containing more TLS/SSL records; these are ignored by SSL_pending().
Up to OpenSSL 0.9.6, SSL_pending() does not check if the record type of pending data is application data."
For SSL_write, can I check if it is possible to send everything at once? So my SSL_write won't block? I use nonblocking sockets, I cannot have any blocking actions whatsoever.
Is 4ms too little time to SSL_read 16kb?
Edit (added content) because I still don't fully understand it: I can do the handshake correctly with non blocking sockets but I get problems when I do SSL_read and SSL_write.
When I call SSL_pending I always get 0 but I can read with SSL_read if I call it directly. But using SSL_read will block for non blocking sockets as well or will it return directly if there is nothing to read? I must read the whole message/record or nothing.
For SSL_write, what do I do if it returns without sending the whole message? Just call it again with an offset of sent_bytes into the buffer? If it fails to send all I ask for, will it take time then?
Side question: Do I have to set the socket to async as well to use it as non-blocking, or is it enough to set it to non-blocking?
SSL_pending does not seem to actually return the correct number of bytes. Do you first have to call SSL_read and not read a whole record for SSL_pending to return nonzero? I need to do a nonblocking read of a record whose size is not known (it can vary because of names of things in the xml). Is that possible? I haven't figured out if SSL_read will return immediately if there is nothing to read and you use non-blocking sockets. In that case I could SSL_read(1 byte), then check SSL_pending for the size of the rest of the record and read that. Should I use select instead? Or a combination of select, SSL_read and SSL_pending? Check for read_fds, SSL_read 1 byte, then SSL_pending for the complete size and then SSL_read that?
Summary of unanswered questions:
Can a call to SSL_read still block on a non blocking socket?
Can SSL_write block or will it return immediately if it can't write all? What is immediately, is 4ms too little time to be able to trust it to finish?
To really get non-blocking sockets do I have to use a combination of select, SSL_read and SSL_pending? select for read_fds, SSL_read 1 byte, then check SSL_pending for the complete size of the record?
Upvotes: 1
Views: 4622
Reputation: 123270
SSL_pending will not read any new data from the socket. It just will tell you if there are still unread data from the last frame.
Example:
Will SSL_pending only give me the whole TLS record or not?
SSL_pending gives you the part of the SSL frame which was not already returned by SSL_read.
For SSL_write, can I check if it is possible to send everything at once?
No. But SSL_write will return with an error if sending all the data failed. Exact behavior depends on the CTX_mode. Look at the documentation for details.
Is 4ms to little time to SSL_read 16kb?
This depends on the bandwidth and latency, performance of client and server etc.
Upvotes: 2
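An added illustration, not part of the answer above and not OpenSSL code: a simplified C model of the record layer showing the SSL_pending behaviour from the quoted documentation, where nothing is pending until a complete record has been processed and only the rest of that record is counted. Records are left unencrypted, and `model_conn`, `model_read`, `model_pending` and the sample bytes are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a TLS record layer: no encryption, no handshake.
   All names are hypothetical; this is not the OpenSSL API. */
enum { MODEL_WANT_READ = -1 };

typedef struct {
    const unsigned char *net; /* bytes that have arrived on the socket */
    size_t net_len;           /* how many bytes have arrived so far */
    size_t net_off;           /* start of the next unprocessed record */
    const unsigned char *rec; /* unread payload of the current record */
    size_t rec_left;          /* what a pending() query reports */
} model_conn;

/* Constructed sample: two application-data records, "hello" and "ok". */
static const unsigned char SAMPLE[] = {
    23, 3, 3, 0, 5, 'h', 'e', 'l', 'l', 'o',
    23, 3, 3, 0, 2, 'o', 'k' };

/* Counts only the record being processed, never later records. */
static size_t model_pending(const model_conn *c) { return c->rec_left; }

/* Never blocks: returns bytes copied, or MODEL_WANT_READ when no
   complete record has arrived yet. Never crosses a record boundary. */
static int model_read(model_conn *c, unsigned char *out, size_t want) {
    if (c->rec_left == 0) {
        size_t avail = c->net_len - c->net_off;
        if (avail < 5) return MODEL_WANT_READ;       /* header incomplete */
        const unsigned char *h = c->net + c->net_off;
        size_t len = ((size_t)h[3] << 8) | h[4];     /* 16-bit length */
        if (avail < 5 + len) return MODEL_WANT_READ; /* body incomplete */
        c->rec = h + 5;
        c->rec_left = len;
        c->net_off += 5 + len;
    }
    size_t n = want < c->rec_left ? want : c->rec_left;
    memcpy(out, c->rec, n);
    c->rec += n;
    c->rec_left -= n;
    return (int)n;
}

int main(void) {
    model_conn c = { SAMPLE, sizeof SAMPLE, 0, NULL, 0 };
    unsigned char b[16];
    printf("pending before any read: %zu\n", model_pending(&c));
    int n = model_read(&c, b, 1);
    printf("read %d, pending now: %zu\n", n, model_pending(&c));
    return 0;
}
```

In OpenSSL itself, the `MODEL_WANT_READ` case corresponds to `SSL_read` returning a value <= 0 on a non-blocking socket with `SSL_get_error` reporting `SSL_ERROR_WANT_READ`.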