The SSL BIO should have the rbio from the SSL object as the next BIO. If you create the SSL BIO and then BIO_push() the TCP socket BIO into the SSL BIO, it will work correctly. Otherwise, you can just fix the next BIO of the SSL BIO by using BIO_up_ref(socketbio); BIO_set_next(sslbio, socketbio); The SSL BIO should always have a next BIO if properly initialized. Tomas Mraz, OpenSSL On Thu, 2022-09-29 at 13:02 -0700, Jay Foster wrote: > I have an application that constructs a chain of BIOs. Sometimes > this > chain also includes an SSL BIO. Years ago, I ran into a problem that > caused BIO_flush() to segfault on the SSL BIO. This turned out to > happen because the SSL BIO is added using SSL_set_bio() instead of > BIO_push(). SSL_set_bio() results in the SSL BIO always having a > NULL > bio_next value, so BIO_flush then crashes dereferencing this NULL > pointer when it calls BIO_copy_next_retry() on the SSL BIO (see > BIO_CTRL_FLUSH in ssl/bio_ssl.c). > > This was reported as ticket 2615 years ago. > > My question is, how could calling BIO_flush() on a BIO chain with an > SSL > BIO ever work? Is there a way to add the SSL BIO using BIO_push() > instead of SSL_set_bio()? > > Jay > -- Tomáš Mráz, OpenSSL
