SSL_renegotiation using non block sockets

> Thanks pj, the code was real helpful.
>
> Just one minor clarification, once a call to SSL_renegotiate is made,
> should I check the protocol status by calling SSL_accept (mine is server)
> within the while loop you have? I have gone into an "accept_pending"
> state and calling SSL_accept until it returns with a 1..is this correct?
>
> Thanks
> --Gayathri
>
> Hi I did the same thing yesterday myself but because I wanted to implement a
> timeout solution as well as quick shutdown of my COM object via object
> notification.  You might be able to hack my work ... this is what I came up
> with... It takes a blocking socket, makes it un-blocking... negotiates with
> timeout and signalling considerations and then passes back normal error
> codes...
>
>
>
> // SSLConnectWithTimeout, connect to a remote server with timeout
> int CHTTP::SSLConnectWithTimeout(DWORD timeout, SOCKET s, SSL *ssl) {
>        //-------------------------
>        // Set the socket I/O mode: In this case FIONBIO
>        // enables or disables the blocking mode for the
>        // socket based on the numerical value of iMode.
>        // If iMode = 0, blocking is enabled;
>        // If iMode != 0, non-blocking mode is enabled.
>        int iMode = 1;
>
>        LogInformation2("Running SSL non-blocking connection timeout = %ld",
> timeout);
>        if (timeout) {
>                // establish non- blocking mode to enable us to time out.
>                ioctlsocket(s, FIONBIO, (u_long FAR*) &iMode);
>        }
>
>        // make the connection attempt
>
>        int nRet = SSL_connect(ssl);
>
>        // if we are using a timeout then ...
>        if (timeout) {
>                // convert nRet to a real error if necessary
>                if (nRet != 1)
>                        nRet = SSL_get_error(ssl, nRet);
>
>                LogInformation2("connect run return value %d.", nRet);
>                LogInformation1("Starting SSL polling loop");
>                // get the start time
>                DWORD starttime = timeGetTime();
>                while ((nRet==SSL_ERROR_WANT_READ ||
> nRet==SSL_ERROR_WANT_WRITE) && !isStopEventSignaled()) {
>
>                        // Back off to let the connection happen.
>                        //Sleep(50);
>                        // reiterate the connection
>                        nRet = SSL_connect(ssl);
>                        if (nRet != 1)
>                                nRet = SSL_get_error(ssl, nRet);
>
>                        // check for timeout
>                        if ((timeGetTime() - starttime >= timeout) ||
> m_signalled) {
>                                // return an error
>                                nRet = -1;
>                                break;
>                        }
>                }
>                LogInformation2("Finished polling loop signalled? %d",
> m_signalled);
>                // if we made it to here with nRet = 1 we are SSL connected
>                if (nRet == 1) {
>                        LogInformation2("Successful connection made!
> returning %d.", nRet);
>                        // turn off non-blocking mode, back to blocking mode
> for the rest
>                        // of the connection
>                        iMode = 0;
>                        ioctlsocket(s, FIONBIO, (u_long FAR*) &iMode);
>                }
>                else {
>                        // just a log the error, remember logging disappears
> when compiled
>                        // without LOG_BUILD defined.
>                        LogInformation2("Timeout occurred returning %d.",
> nRet);
>                }
>        }
>        // return connection state.
>        return nRet;
> }
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of [hidden email]
> Sent: Thursday, 2 June 2005 2:14 PM
> To: [hidden email]
> Subject: SSL_renegotiation using non block sockets
>
> Hi,
>
> I am using Non Blocking sockets, and would like to
> know the behaviour wrt SSL_renegotiation.
> Once I make a call to do_handshake, as the FD is non
> blocking it will return immediately with a success,
> but from the application's point of view how will it come
> to know that the renegotiation in thro' so that it can
> call SSL_write/SSL_read? Should the application poll on that
> do_handshake flag within the ssl control block?
>
> Any suggestion/help appreciated a lot.
>
> Thanks
> --Gayathri
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
> --
> No virus found in this incoming message.
> Checked by AVG Anti-Virus.
> Version: 7.0.322 / Virus Database: 267.4.0 - Release Date: 1/06/2005
>
>
> --
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.322 / Virus Database: 267.4.0 - Release Date: 1/06/2005
>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>