non-blocking version of SSL_peek - Openssl

This is a discussion on non-blocking version of SSL_peek - Openssl ; Hi, Can anyone tell me if SSL_peek is a blocking or non-blocking call ? When I use it inside my code, then the program blocks on this fuction call where there is no data on the socket. The reason I ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: non-blocking version of SSL_peek

  1. non-blocking version of SSL_peek


    Hi,
    Can anyone tell me if SSL_peek is a blocking or non-blocking call ?
    When I use it inside my code, then the program blocks on this fuction call
    where there is no data on the socket.
    The reason I want to use this call is that before closing the SSL connection
    by using 'SSL_shutdown', I want to make sure that there is no pending data
    present on this connection.

    Is there any method to make the call SSL_peek non-blocking,i.e. it should
    return if there is no data present on SSL connection like that happens with
    tcp peek by using option MSG_PEEK|MSG_DONTWAIT.

    Or can SSL_pending be used for this purpose?
    Please suggest...

    I am using openSSL version 0.9.7b.
    --
    View this message in context: http://www.nabble.com/non-blocking-v...p19876548.html
    Sent from the OpenSSL - User mailing list archive at Nabble.com.

    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


  2. RE: non-blocking version of SSL_peek


    I think it is depend upon how you configured.


    Thank you.

    Regards,

    --Ajeet Kumar Singh



    Sarve Bhavantu Sukhina ,Sarve Santu NiramayaSarve Bhadrani Pashyantu , Maa
    Kaschit Dukha Bhagh Bhavet



    -----Original Message-----
    From: owner-openssl-users@openssl.org
    [mailtowner-openssl-users@openssl.org] On Behalf Of vne
    Sent: Wednesday, October 08, 2008 4:26 PM
    To: openssl-users@openssl.org
    Subject: non-blocking version of SSL_peek


    Hi,
    Can anyone tell me if SSL_peek is a blocking or non-blocking call ?
    When I use it inside my code, then the program blocks on this fuction call
    where there is no data on the socket.
    The reason I want to use this call is that before closing the SSL connection
    by using 'SSL_shutdown', I want to make sure that there is no pending data
    present on this connection.

    Is there any method to make the call SSL_peek non-blocking,i.e. it should
    return if there is no data present on SSL connection like that happens with
    tcp peek by using option MSG_PEEK|MSG_DONTWAIT.

    Or can SSL_pending be used for this purpose?
    Please suggest...

    I am using openSSL version 0.9.7b.
    --
    View this message in context:
    http://www.nabble.com/non-blocking-v...548p19876548.h
    tml
    Sent from the OpenSSL - User mailing list archive at Nabble.com.

    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


  3. RE: non-blocking version of SSL_peek


    > Hi,
    > Can anyone tell me if SSL_peek is a blocking or non-blocking call ?


    It can be either.

    > When I use it inside my code, then the program blocks on this fuction call
    > where there is no data on the socket.


    If you're using blocking socket calls, that's what will happen.

    > The reason I want to use this call is that before closing the SSL
    > connection
    > by using 'SSL_shutdown', I want to make sure that there is no pending data
    > present on this connection.


    SSL_peek won't help. You need to call SSL_shutdown first and then check for
    any pending data. No matter when and how you call SSL_peek, there will still
    be a point before you call SSL_shutdown and after you call SSL_peek.

    If your protocol requires you to do this, the protocol is broken and really
    should be fixed. If it doesn't, why do this?

    > Is there any method to make the call SSL_peek non-blocking,i.e. it should
    > return if there is no data present on SSL connection like that
    > happens with
    > tcp peek by using option MSG_PEEK|MSG_DONTWAIT.


    > Or can SSL_pending be used for this purpose?
    > Please suggest...


    > I am using openSSL version 0.9.7b.


    What is your outer problem? Why do you think you need to do this? What
    protocol are you implementing over SSL?

    DS


    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


  4. RE: non-blocking version of SSL_peek




    David Schwartz wrote:
    >
    >
    >> Hi,
    >> Can anyone tell me if SSL_peek is a blocking or non-blocking call ?

    >
    > It can be either.
    >
    >> When I use it inside my code, then the program blocks on this fuction
    >> call
    >> where there is no data on the socket.

    >
    > If you're using blocking socket calls, that's what will happen.
    >
    > Yes you are right. I made the socket non-blocking and then SSL_peek
    > returned when there is no data.
    >

    >
    >> The reason I want to use this call is that before closing the SSL
    >> connection
    >> by using 'SSL_shutdown', I want to make sure that there is no pending
    >> data
    >> present on this connection.

    >
    > SSL_peek won't help. You need to call SSL_shutdown first and then check
    > for
    > any pending data. No matter when and how you call SSL_peek, there will
    > still
    > be a point before you call SSL_shutdown and after you call SSL_peek.
    >
    > If your protocol requires you to do this, the protocol is broken and
    > really
    > should be fixed. If it doesn't, why do this?
    >
    > Actually before closing a TLS connection I need to make sure that no
    > pending data is present on the that socket. So, calling SSL_peek would
    > tell if this is the case or not.
    >
    > As you are saying that SSL_peek should be called before SSL_shutdown, then
    > how is it ensured that the connection gets closed only if all the data
    > arrived on that socket is processed ? Does SSL_shutdown takes care of this
    > ? or what is the significance of calling SSL_peek after SSL_shutdown ?
    >
    > I am using SIP over TLS and it does not specify any such thing related to
    > tls.
    >
    > thanks !!!
    >

    >
    >> Is there any method to make the call SSL_peek non-blocking,i.e. it should
    >> return if there is no data present on SSL connection like that
    >> happens with
    >> tcp peek by using option MSG_PEEK|MSG_DONTWAIT.

    >
    >> Or can SSL_pending be used for this purpose?
    >> Please suggest...

    >
    >> I am using openSSL version 0.9.7b.

    >
    > What is your outer problem? Why do you think you need to do this? What
    > protocol are you implementing over SSL?
    >
    > DS
    >
    >
    > __________________________________________________ ____________________
    > OpenSSL Project http://www.openssl.org
    > User Support Mailing List openssl-users@openssl.org
    > Automated List Manager majordomo@openssl.org
    >
    >


    --
    View this message in context: http://www.nabble.com/non-blocking-v...p19917760.html
    Sent from the OpenSSL - User mailing list archive at Nabble.com.

    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


  5. RE: non-blocking version of SSL_peek


    > Actually before closing a TLS connection I need to make sure that no
    > pending data is present on the that socket. So, calling SSL_peek would
    > tell if this is the case or not.


    No, it won't. Okay, you call SSL_peek, and there's no pending data.

    Now, you're about to call SSL_shutdown. How do you know there's no pending
    data *NOW*? Just because there wasn't before, it doesn't mean there isn't
    now.

    The only way to know that there's no pending data when you call SSL_shutdown
    is for the protocol you are implementing to ensure that. Otherwise, you will
    always have a race.

    > As you are saying that SSL_peek should be called before
    > SSL_shutdown,


    No, there's no point. If you didn't know there was no data before SSL_peek,
    you still won't know there's no data *now* after.

    > then how is it ensured that the connection gets closed only if all the

    data
    > arrived on that socket is processed ? Does SSL_shutdown takes
    > care of this
    > ? or what is the significance of calling SSL_peek after SSL_shutdown ?


    No, the higher-level protocol takes care of this. When a request is
    completed, the other end will have nothing more to send. When you finish
    replying, what else would the other end send? If there's a "keep the
    connection in case and close it after a timeout", the protocol handles a
    close with pending data smoothly (since there's always a race in a timeout).

    > I am using SIP over TLS and it does not specify any such thing
    > related to
    > tls.


    If nobody else knows offhand, I'll do some research into SIP and see how it
    handles that case. No sane protocol requires you to race to shutdown and
    hope and pray the other end doesn't send some data at the wrong time.

    DS


    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


+ Reply to Thread