-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tomas Neme wrote:

| The documentation's poor at best, and I don't completely get the
| general concepts. From reading examples I figure that only the
| BIO_f_ssl does encryption-decryption when written into? so what should
| I do if I want to provide an api that has functions b_encrypt and
| encrypt_flush?

If you want to do SSL, you should stick with BIO_f_ssl.
If you want to do some other encryption, you can use BIO_f_cipher.

| I have to use OpenSSL with memory buffers, because I
| can't give it direct access to sockets, so I'm wondering how to handle
| the handshakes and whatnot in a non-blocking way.

How good is your C ?
you could look into bio_s_socket and implement your own bio.
After you understood the concept behind BIO, it is simple to do...

| Do I need 2
| BIO_f_ssls, one for imput and one for output, or what?

No. you treat it almost as a normal socket:
You write data to be encrypted (and sent to the peer) into it and
read decrypted data (received from the peer) from it.

| I don't want the SSL
| object to handle the sockets directly because this has to be portable,
| but I don't fully understand which kinds of BIOs do I need to model
| this data flow, and how do I handle the handshakes and the such.

The SSL bio is just a filter.
It relies on an underlying BIO to do the low level IO communication.
This way you can use different network implementations to transport
the encrypted data.


Goetz

- --
DMCA: The greed of the few outweighs the freedom of the many
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIA8EP2iGqZUF3qPYRAr0EAJ0fVnuLUsKWjJiaNdjxuQ rTx5XeAwCfa+jG
dDf6VRyXthXB+QJ4ye6i/cQ=
=Adx8
-----END PGP SIGNATURE-----
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org