[plt-scheme] ssl/tls connections
From: nik gaffney (nik at fo.am)
Date: Tue Mar 31 13:30:42 EDT 2009

On 31/03/2009 18:48, Matthew Flatt wrote:
> At Tue, 31 Mar 2009 13:55:15 +0100, Noel Welsh wrote:
>> Try syncing on the input and output ports, rather than peeking. I
>> don't know for sure but I guess that sync is implemented in terms of
>> select, and the OpenSSL docs suggest you can use select to determine
>> if data is ready without committing to a read or a write.
>
> No, I think that's not the case. Socket-level data may just mean that
> the other end started a negotiation about the protocol and doesn't
> intend to send any payload.
>
> After paging back in, I'm sure I've looked at this a couple of times
> before, and I always conclude as the `openssl' library docs say: you
> can't even ask whether the other end has provided data (though
> `char-ready?', `sync' or other means) without committing to reading
> data. I'm fairly certain that this is a limitation of the OpenSSL
> protocol. (Of course, if anyone knows otherwise and can point me to the
> right OpenSSL library functions, I'd be happy to improve the `openssl'
> module.)

From the article Noel referred to [1] it looks like the interaction
between select() and the SSL read & write functions is not particularly
obvious. However, it suggests using SSL_ERROR_WANT_READ and
SSL_ERROR_WANT_WRITE to help coordinate SSL_write() and SSL_read() (and
potentially SSL_want_read() and SSL_want_write() also...)

After a brief look through the OpenSSL manpages, it might help to sync
reads and writes on the Scheme ports by exposing SSL_want() and/or using
the result to flush any pending data.

Would there be a way to emulate this within the existing openssl module?

[1] http://www.linuxjournal.com/article/5487

regards,
nik
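An added example, not code from this thread or from PLT's `openssl' module: Python's ssl module wraps libssl closely enough that SSLObject.do_handshake()/read()/write() correspond to SSL_do_handshake()/SSL_read()/SSL_write(), and SSLWantReadError/SSLWantWriteError are the SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE results of SSL_get_error(). The block below shows the coordination the article describes: run the SSL operation, flush whatever OpenSSL queued for the wire, then select() in the direction OpenSSL asked for. The names make_client, step and pump, and the socketpair "silent peer", are constructed for the example; a MemoryBIO pair stands in for the socket BIOs so the first part runs with no network at all.

```python
"""Coordinating OpenSSL "want read / want write" results with select().

Python's ssl module is a thin wrapper over libssl: SSLObject.do_handshake(),
read() and write() map onto SSL_do_handshake(), SSL_read() and SSL_write(),
and SSLWantReadError / SSLWantWriteError are SSL_ERROR_WANT_READ /
SSL_ERROR_WANT_WRITE.  A MemoryBIO pair stands in for the socket BIOs so the
session can be driven by hand, offline.  (Example code, not from the thread.)
"""
import select
import socket
import ssl


def make_client():
    """TLS client state whose transport is a pair of in-memory BIOs."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # no real peer in this demo, so nothing to verify
    ctx.verify_mode = ssl.CERT_NONE
    incoming = ssl.MemoryBIO()      # bytes received from the transport (the rbio)
    outgoing = ssl.MemoryBIO()      # bytes OpenSSL wants sent to the peer (the wbio)
    tls = ctx.wrap_bio(incoming, outgoing, server_side=False)
    return tls, incoming, outgoing


def step(op):
    """Run one SSL operation and classify the outcome, like SSL_get_error().

    Returns ("done", result), ("want_read", None) or ("want_write", None).
    """
    try:
        return "done", op()
    except ssl.SSLWantReadError:
        return "want_read", None
    except ssl.SSLWantWriteError:
        return "want_write", None


def pump(tls, incoming, outgoing, op, sock, timeout):
    """Drive `op` (e.g. tls.do_handshake) to completion over a non-blocking socket.

    Each pass first flushes whatever OpenSSL queued for the wire, then waits on
    select() for exactly the direction OpenSSL asked for.  Readability of `sock`
    is never taken to mean "payload is available": it only means the SSL layer
    should be handed more transport bytes and asked again.
    """
    while True:
        state, result = step(op)
        pending = outgoing.read()
        if pending:
            sock.sendall(pending)
        if state == "done":
            return result
        if state == "want_read":
            readable, _, _ = select.select([sock], [], [], timeout)
            if not readable:
                raise TimeoutError("peer sent nothing within the timeout")
            data = sock.recv(65536)
            if data:
                incoming.write(data)
            else:
                incoming.write_eof()     # peer closed; the next op reports it
        else:  # want_write: wait until the socket can take more bytes
            select.select([], [sock], [], timeout)


def offline_demo():
    """What the SSL layer reports before any peer has answered."""
    tls, incoming, outgoing = make_client()
    state, _ = step(tls.do_handshake)        # queues a ClientHello, then needs a ServerHello
    client_hello = outgoing.read()           # TLS record: type 0x16 (handshake), version 0x03..
    # An application read cannot succeed here either: OpenSSL answers WANT_READ,
    # which is the only "is data available?" signal it offers.
    read_state, _ = step(lambda: tls.read(4096))
    return state, client_hello, read_state


def demo_with_silent_peer(timeout=0.2):
    """Run pump() against a constructed peer (a socketpair) that never replies.

    Returns the bytes that reached the wire: the ClientHello was flushed because
    OpenSSL reported WANT_READ, then select() timed out waiting for a reply.
    """
    ours, peer = socket.socketpair()
    try:
        ours.setblocking(False)
        tls, incoming, outgoing = make_client()
        try:
            pump(tls, incoming, outgoing, tls.do_handshake, ours, timeout)
        except TimeoutError:
            pass
        peer.settimeout(1.0)
        return peer.recv(65536)
    finally:
        ours.close()
        peer.close()


if __name__ == "__main__":
    state, hello, read_state = offline_demo()
    print("after do_handshake:", state, "| first record bytes:", hello[:3].hex())
    print("read before handshake completes:", read_state)
    print("bytes on the wire with a silent peer:", len(demo_with_silent_peer()))
```

The point the thread circles around shows up in pump(): the socket becoming readable is an input to the loop, not an answer. The only way to learn whether application data exists is to call the read and let OpenSSL say "done" or "want read", which is why a select()-based char-ready? on the raw socket cannot be made to mean "payload available".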