On Mon, Nov 14, 2016 at 10:04 AM, Matt Caswell <matt@xxxxxxxxxxx> wrote:
> During the handshake phase OpenSSL adds a buffering BIO in front of the
> wbio. However when you call SSL_get_wbio(), you get back the *real* wbio
> (without the bbio on the front). This is a change of behaviour between
> 1.1.0 and 1.0.2, and was because it was considered a bug that you could
> get back a different wbio from SSL_get_wbio() than the one that you
> originally set!
>
> So calling BIO_set_write_buffer_size() on the return from SSL_get_wbio()
> is going to make no difference at all!
>
> Unfortunately, I don't think there *is* a way to get the bbio in 1.1.0.
> I would certainly consider a pull request to add an accessor to get hold
> of it (missing accessors are considered as bug-fixes and so would be
> eligible for inclusion in a future 1.1.0d).

It would be pretty trivial to implement SSL_get_bbio(), and then we could
patch up nginx to use it at the appropriate time (assuming CB_ACCEPT_LOOP
is still the appropriate time - I haven't tried yet).

But from an API usability standpoint for server implementation, this whole
way of dealing with things seems pretty un-intuitive. Perhaps there should
be SSL-level APIs for setting the write buffer size before the handshaking
code is entered? SSL_set_write_buffer_size() intended to be used shortly
after SSL_new(), but before handshaking begins, and
SSL_CTX_set_write_buffer_size() to set the default inherited by SSL_new().
The implementation details of the buffer would then be more-opaque, and
when the bbio is first initialized it can be sized appropriately from the
parameter set by those functions and stored in ssl_session_st.

-- Brandon

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users