This is a discussion on Re: SSL overhead - Openssl ; -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tomas Neme wrote: | The documentation's poor at best, and I don't completely get the | general concepts. From reading examples I figure that only the | BIO_f_ssl does encryption-decryption when written into? so ...
-----BEGIN PGP SIGNED MESSAGE-----
Tomas Neme wrote:
| The documentation's poor at best, and I don't completely get the
| general concepts. From reading examples I figure that only the
| BIO_f_ssl does encryption-decryption when written into? so what should
| I do if I want to provide an api that has functions b_encrypt and
If you want to do SSL, you should stick with BIO_f_ssl.
If you want to do some other encryption, you can use BIO_f_cipher.
| I have to use OpenSSL with memory buffers, because I
| can't give it direct access to sockets, so I'm wondering how to handle
| the handshakes and whatnot in a non-blocking way.
How good is your C ?
you could look into bio_s_socket and implement your own bio.
After you understood the concept behind BIO, it is simple to do...
| Do I need 2
| BIO_f_ssls, one for imput and one for output, or what?
No. you treat it almost as a normal socket:
You write data to be encrypted (and sent to the peer) into it and
read decrypted data (received from the peer) from it.
| I don't want the SSL
| object to handle the sockets directly because this has to be portable,
| but I don't fully understand which kinds of BIOs do I need to model
| this data flow, and how do I handle the handshakes and the such.
The SSL bio is just a filter.
It relies on an underlying BIO to do the low level IO communication.
This way you can use different network implementations to transport
the encrypted data.
DMCA: The greed of the few outweighs the freedom of the many
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
OpenSSL Project http://www.openssl.org
User Support Mailing List email@example.com
Automated List Manager firstname.lastname@example.org