This is a discussion on Re: SSL_poll() or _select()? - Openssl ; > int SSL_poll(struct pollfd *fds, nfds_t nfds, int timeout, > struct SSL_pollctx *sctx, nfds_t nsctx); I like this approach a lot. Could someone with great familiarity of OpenSSL's guts give the five minute explanation of what's involved in making this ...
> int SSL_poll(struct pollfd *fds, nfds_t nfds, int timeout,
> struct SSL_pollctx *sctx, nfds_t nsctx);
I like this approach a lot. Could someone with great familiarity of
OpenSSL's guts give the five minute explanation of what's involved in making
this happen? I can start with what I know, and maybe that will save somoene
some time (they may just have to explain where I'm wrong).
First, SSL_poll has to check if any of the SSL contexts can make forward
progress immediately based just on what OpenSSL knows internally. For read,
this means any decrypted data bytes are buffered. For write, this means that
no negotiation data needs to be read first.
While this is taking place, OpenSSL can build its own 'struct pollfd'. It
should probably put the user's fds first to make post-processing simpler.
But then it should add any fds it discovers need to be blocked on to permit
forward progress on the SSL connections.
If any connections can make forward progress immediately, it should free the
'poll' structure it was building and return immediately. (Note: There should
perhaps be some return value that means 'check only the SSL structures'.) If
not, OpenSSL should call SSL_poll with the newly-build set.
If there's a timeout, OpenSSL should return immediately. If any sockets are
discovered, OpenSSL should try to account for all of them looking at just
the sockets it added (the end of the set). If OpenSSL can account for all
the connections, it just updates the SSL poll context and is done. If not,
it has to copy the user's poll data and returns.
Perhaps the SSL poll context should have a field for the number of SSL
connections discovered and should return only the number of non-SSL
connections discovered. This preserves the semantic simplicity (the return
value has the same meaning to existing non-SSL-aware 'poll' code).
Am I missing anything? Is there any reason this is particularly difficult?
We don't want to have to call SSL_read/SSL_write and get a block indication
or attempted socket I/O on every connection. We only want to check what we
know on our own status with no system calls prior to calling 'poll'. Is
there any reason that's overly difficult?
PS: Apologies for any odd formatting. This isn't my usual mail program.
OpenSSL Project http://www.openssl.org
Development Mailing List firstname.lastname@example.org
Automated List Manager email@example.com