Databases
StackOverflow2013
Postsdbo
PO
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    primarykey
    data
    text
    <p>You're trying to "look through" the SSL black box. This is a huge mistake.</p> <pre><code> if (poll(pollin, timeout=0) || 0 &lt; SSL_pending(ssl)) { SSL_read(); </code></pre> <p>You're making the assumption that in order for <code>SSL_read</code> to make forward progress, it needs to read data from the socket. This is an assumption that can be false. For example, if a renegotiation is in progress, the SSL engine may need to send data next, not read data.</p> <pre><code> while (!poll(pollout)) ; // Wait until the pipe is ready for a send(). SSL_write(); </code></pre> <p>How do you know the SSL engine wants to write data to the pipe? Did it give you a <code>WANT_WRITE</code> indication? If not, maybe it needs to read renegotiation data in order to send.</p> <p>To use SSL in non-blocking mode, just attempt the operation you want to do. If you want to read decrypted data, call <code>SSL_read</code>. If you want to send encrypted data, call <code>SSL_write</code>. Only call <code>poll</code> if the SSL engine <em>tells you to</em>, with a <code>WANT_READ</code> or <code>WANT_WRITE</code> indication.</p> <p><strong>Update</strong>:: You have a "half of each" hybrid between blocking and non-blocking approaches. This cannot possibly work. The problem is simple: Until you call <code>SSL_read</code>, you don't know whether or not it needs to read from the socket. If you call <code>poll</code> first, you will block even if <code>SSL_read</code> does not need to read from the socket. If you call <code>SSL_read</code> first, it will block if it does need to read from the socket. <code>SSL_pending</code> won't help you. If <code>SSL_read</code> needs to <em>write</em> to the socket to make forward progress, <code>SSL_pending</code> will return zero, but calling <code>poll</code> will block forever.</p> <p>You have two sane choices:</p> <ol> <li><p>Blocking. Leave the sockets set blocking. Just call <code>SSL_read</code> when you want to read and <code>SSL_write</code> when you want to write. They <em>will</em> block. Blocking sockets can block, that's how they work.</p></li> <li><p>Non-blocking. Set the sockets non-blocking. Just call <code>SSL_read</code> when you want to read and <code>SSL_write</code> when you want to write. They will not block. If you get a <code>WANT_READ</code> indication, poll in the read direction. If you get a <code>WANT_WRITE</code> indication, poll in the write direction. Note that it is perfectly normal for <code>SSL_read</code> to return <code>WANT_WRITE</code>, and then you poll in the write direction. Similarly, <code>SSL_write</code> can return <code>WANT_READ</code>, and then you poll in the read direction.</p></li> </ol> <p>Your code would (mostly) work if the implementation of SSL_read was basically, "read some data then decrypt it" and SSL_write was "encrypt some data and send it". The problem is, these functions actually run a sophisticated state machine that reads and writes to the socket as needed and ultimately causes the effect of giving you decrypted data or encrypting your data and sending it.</p>
    singulars
    1. This table or related slice is empty.
    1. POSSL renegotiation with full duplex socket communication
      singulars
      1. PTQuestion
    1. PTAnswer
    1. USDavid Schwartz
    1. USDavid Schwartz
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    2. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    3. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    1. COAs I mentioned in my question, the socket I have is of blocking nature and with blocking sockets, poll() is one way to know you won't end up blocking on recv()/send(). If I don't use poll() and call SSL_read on a blocking socket, I am bound to block until the other side sends something. In that case, how to deal with SSL renegotiations?
      singulars
      1. PO
      1. USKarthik
    2. CO@Karthik: You have to choose whether to use blocking sockets or non-blocking sockets and stick to that choice. If you want to use non-blocking sockets, set them non-blocking and follow my explanation. If you want to use blocking sockets, don't call `poll`. A "half of each" hybrid *will* *not* *work* for the reasons I explained -- polling on the *socket* does not tell you the readiness of the *SSL connection*.
      singulars
      1. PO
      1. USDavid Schwartz
    3. COThere is no "half of each" hybrid. Both sides use blocking sockets and with blocking sockets, poll() is inevitable. Also, see my update. I could get the same behavior with OpenSSL's s_client and s_server both of which use blocking sockets and select()s before doing a SSL_read() or SSL_write.
      singulars
      1. PO
      1. USKarthik
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload