OpenSSL server and thread pools - Openssl


Thread: OpenSSL server and thread pools

  1. OpenSSL server and thread pools

    I'm playing around with OpenSSL development and was curious about how to do
    thread pools with an OpenSSL server. I've implemented the client/server in
    the book "Network Security with OpenSSL", and can successfully send data back
    and forth. The way the code works is by spawning a new thread when a
    connection is established:

    (code snippet below)

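    BIO_do_accept(acc);        /* first call binds and listens on the accept BIO */

    for (;;) {
        BIO_do_accept(acc);    /* later calls block until a client connects */

        client = BIO_pop(acc); /* detach the connection BIO from the accept BIO */
        ssl = SSL_new(ctx);
        SSL_set_accept_state(ssl);
        SSL_set_bio(ssl, client, client);
        THREAD_CREATE(tid, server_thread, ssl);  /* one new thread per connection */
    }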


    I've read a guide on how to do thread pools with basic socket calls, and it
    says each thread should just call accept() on the socket, and the underlying
    network layer will select one of the waiting accept() calls.

    Is the same true when using OpenSSL()?

    In my code, I call the initial BIO_do_accept(acc); Then I create a pool of 8
    threads, each one calling

    if (BIO_do_accept(acc) <= 0)
        printf("cannot accept\n");

    Here, acc is a class variable, so it is shared among all the threads. I have
    set up locking to prevent concurrent access to it.

    The problem is I get an infinite number of "cannot accept" messages, showing
    that BIO_do_accept() was not waiting for a connection.

    I have searched around and could not find any examples on OpenSSL thread
    pools. If anyone would happen to have a snippet?

    Best,
    Matt


  2. Re: OpenSSL server and thread pools

    Hi,

    I think this is what you want to do:

    Inside one thread:

    for (;;) {
        /* regular socket accept; listen_fd (name assumed) is the listening socket */
        socket = accept(listen_fd, NULL, NULL);
        ssl = SSL_new(ctx);
        client = BIO_new(BIO_s_socket());
        BIO_set_fd(client, socket, BIO_NOCLOSE);
        SSL_set_bio(ssl, client, client);
        SSL_accept(ssl);
        ...
        SSL_shutdown(ssl);
        SSL_free(ssl);
        close(socket);
    }

    Don't forget thread safety.

    Regards,

    Kris
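
The pool asked about in this thread, as an added example that is not part of either post or of OpenSSL's own code: n workers each block in plain accept() on one shared listening socket and run the per-connection SSL_new / SSL_accept sequence from the reply on the descriptor they receive. The names pool_start, pool_served, serve_conn, g_ctx and the WITH_TLS switch are assumptions, as is the SSL_CTX setup at startup; without -DWITH_TLS the handler echoes over plain TCP so the pool can be tried without a certificate.

```c
#include <netinet/in.h>
#include <pthread.h>
#include <stdatomic.h>
#include <sys/socket.h>
#include <unistd.h>
#ifdef WITH_TLS                  /* build: cc pool.c -pthread -DWITH_TLS -lssl -lcrypto */
#include <openssl/ssl.h>
static SSL_CTX *g_ctx;           /* assumed: created at startup with cert and key; shared by all workers */
#endif
static atomic_int g_served;      /* connections finished, summed over all workers */

/* One connection, owned by a single worker from accept() to close(): echo one read. */
static void serve_conn(int fd) {
    char buf[256];
#ifdef WITH_TLS
    SSL *ssl = SSL_new(g_ctx);   /* per-connection object, never touched by another thread */
    if (ssl && SSL_set_fd(ssl, fd) == 1 && SSL_accept(ssl) == 1) {  /* SSL_set_fd wraps fd in a socket BIO */
        int n = SSL_read(ssl, buf, sizeof buf);
        if (n > 0) SSL_write(ssl, buf, n);
        SSL_shutdown(ssl);
    }
    SSL_free(ssl);
#else                            /* plain TCP, so the pool can be tried without a certificate */
    ssize_t n = read(fd, buf, sizeof buf);
    if (n > 0) n = write(fd, buf, (size_t)n);   /* a failed write just ends the connection */
#endif
    atomic_fetch_add(&g_served, 1);
    close(fd);
}

/* Every worker blocks in accept() on the same listener and the kernel gives each
 * connection to exactly one of them; a failed accept() ends the worker instead of spinning. */
static void *worker(void *arg) {
    for (int fd; (fd = accept(*(int *)arg, NULL, NULL)) >= 0; ) serve_conn(fd);
    return NULL;
}

/* Listen on 127.0.0.1 (ephemeral port, returned in *port) and start n workers. 0 on success. */
int pool_start(int n, pthread_t *tids, unsigned short *port) {
    static int lfd;              /* static: workers keep a pointer to it */
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t len = sizeof a;
    lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0 || bind(lfd, (struct sockaddr *)&a, len) < 0 || listen(lfd, 64) < 0 ||
        getsockname(lfd, (struct sockaddr *)&a, &len) < 0) return -1;
    *port = ntohs(a.sin_port);
    for (int i = 0; i < n; i++) if (pthread_create(&tids[i], NULL, worker, &lfd)) return -1;
    return 0;
}
int pool_served(void) { return atomic_load(&g_served); }
```

To try it, call pool_start(8, tids, &port) from main() and connect to the reported port with any TCP client (or a TLS client when built with -DWITH_TLS).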


