On 06/02/15 15:48, Susan Hinrichs wrote: > Hello, > > In Apache Traffic Server we are primarily using SSL_accept and > SSL_read/SSL_write with file descriptor bios. > > But during the handshake, we need to feed in our own packets via > read-only buffers. We use the BIO mem_buf to pass along this data > without incurring another copy. But on each read during the handshake, > we need to reset the read bio. We leave the write bio as the file > descriptor bio the whole time. > > I originally tried to use SSL_set_bio(ssl, new_rbio, SSL_get_wbio(ssl)), > but that would adjust the output buffering and the handshake would not > complete. > > So we created a SSL_set_rbio(ssl, new_rbio), that just frees the old > rbio and sets the new one. It leaves the wbio and the bbio alone. > > This has worked well for us for a couple releases, but looking forward > to openssl 1.1, we will no longer be able to use this approach. Can > someone point me to the preferred way of updating a read bio without > affecting the write bio processing? Hmmmm... that's a good question. I don't think you can set just the rbio by itself. I wonder if maybe we extended SSL_set_bio, so that you could do this: SSL_set_bio(s, rbio, NULL); I'll look into it. This would be a good item to add to Rich's wiki page. Matt
