2015-06-05 20:18 GMT+02:00 Matt Caswell <matt at openssl.org>: > > I see you got it working! Just some comments below > > On 05/06/15 12:34, Lorenzo Miniero wrote: > > I've started looking into filters and I have some doubts, though, also > > taking into account what you suggested, and I apologize again if this > > turns out to be silly. As far as I've understood, what I should do is > > changing the current pattern I use for outgoing packets: > > > > application < memBIO < ssl > > > > to something like this: > > > > application < memBIO < filter < ssl > > > > or this: > > > > application < filter < memBIO < ssl > > > > that is, a new BIO filter that enforces the fragmentation I talked > > about. Not exactly sure about which one should be the way to go, but > > I've given this some thought. > > I took a very brief look at your code and I see you went with the first > option. That's fine, although I would have done it slightly differently: > > application <-- -- ssl > | | > | V > filter > ^ V > memBIO > > i.e. the filter does all the reading and writing to the memBIO. libssl > calls BIO_write(), the filter takes note of the packet sizes, and then > writes to the membBIO. When the application wants to read data it calls > BIO_read on the filter, and the filter figures out how big the packet > needs to be and reads that amount out of the memBIO. Your way works too > though. > > Matt > Ah I didn't know that was an option: I'm quite unfamiliar with how BIO filters worked, and so I just went with what made sense to me while experimenting with them. I'll try doing something along the lines you suggested as soon as I have some time, thanks! Lorenzo -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150605/c1dfd184/attachment-0001.html>
