5 NB: Changes to the source code samples in this file should also be reflected in
18 L<ossl-guide-tls-client-block(7)> page which demonstrates how to write a simple
28 until data is available to read if you attempt to read from it when there is no
29 data yet. Similarly it waits when writing if the socket is currently unable to
31 not have to worry about what to do in these cases. The execution of the code
32 will simply stop until it is able to continue. However in many cases you do not
34 to go and do other tasks whilst the socket is unable to read/write, for example
37 With a nonblocking socket attempting to read or write to a socket that is
38 currently unable to read or write will return immediately with a non-fatal
39 error. Although OpenSSL does the reading/writing to the socket this nonblocking
40 behaviour is propagated up to the application so that OpenSSL I/O functions such
47 =head2 Setting the socket to be nonblocking
49 The first step in writing an application that supports nonblocking is to set
51 exact details on how to do this can differ from one platform to another.
54     /* Set to nonblocking mode */
60 You do not have to use OpenSSL's function for this. You can of course directly
66 In a nonblocking application you will need work to perform in the event that
67 we want to read or write to the socket, but we are currently unable to. In fact
68 this is the whole point of using a nonblocking socket, i.e. to give the
69 application the opportunity to do something else. Whatever it is that the
70 application has to do, it must also be prepared to come back and retry the
71 operation that it previously attempted periodically to see if it can now
74 before), but this does not have to be the case. It can retry at any time.
78 attempting to write the text "Hello World" and the operation failed because the
79 socket is currently unable to write, then you cannot then attempt to write
84 for the state of the socket to change.
107          * makes this demo block until it has something more useful to do. In a
108          * real application you probably want to go and do other work here (e.g.
111          * Let's say for example that you want to update the progress counter on
112          * a GUI every 100ms. One way to do that would be to add a 100ms timeout
113          * in the last parameter to "select" below. Then, when select returns,
115          * because of the timeout. If it is due to the timeout then update the
125 to use and is available on most Operating Systems. However you could use any
126 other similar function to do the same thing. C<select> waits for the state of
127 the underlying socket(s) to become readable/writeable before returning. It also
129 applications you can make use of this to periodically wake up and perform work
130 while waiting for the socket state to change. But we don't use that timeout
135 An application that uses a nonblocking socket will need to be prepared to
138 connection has failed), or non-fatal (for example because we are trying to read
141 L<SSL_read_ex(3)> and L<SSL_write_ex(3)> will return 0 to indicate an error and
142 L<SSL_read(3)> and L<SSL_write(3)> will return 0 or a negative value to indicate
143 an error. L<SSL_shutdown(3)> will return a negative value to incidate an error.
145 In the event of an error an application should call L<SSL_get_error(3)> to find
148 B<SSL_ERROR_WANT_WRITE> depending on whether OpenSSL wanted to read to or write
149 from the socket but was unable to. Note that a call to L<SSL_read_ex(3)> or
151 may need to write protocol messages (such as to update cryptographic keys) even
152 if the application is only trying to read data. Similarly calls to
156 indicates an EOF (End-Of-File) which can occur if you attempt to read data from
158 on it. In this case you may still want to write data to the connection but you
162 indicate that the underlying connection has failed. You should not attempt to
164 OpenSSL attempted to make a syscall that failed. You can consult B<errno> for
167 L<ERR_print_errors(3)> to print out details of errors that have occurred).
169 In our demo application we will write a function to handle these errors from
194             * If the failure is due to a verification error we can get more
216 In order to connect to a server we must create B<SSL_CTX> and B<SSL> objects for
224 to perform the TLS handshake with the server. Since we are using a nonblocking
225 socket it is very likely that calls to this function will fail with a non-fatal
226 error while we are waiting for the server to respond to our handshake messages.
234         printf("Failed to connect to server\n");
239 Otherwise we use the C<handle_io_failure()> function that we created earlier to
240 work out what we should do next. Note that we do not expect an EOF to occur at
245 As with the blocking TLS client demo we use the L<SSL_write_ex(3)> function to
246 send data to the server. As with L<SSL_connect(3)> above, because we are using
249 parameters must be I<exactly> the same, i.e. the same pointer to the buffer to
250 write with the same length. You must not attempt to send different data on a
252 which will configure OpenSSL to allow the buffer being written to change from
253 one retry to the next. However, in this case, you must still retry exactly the
259     /* Write an HTTP GET request to the peer */
263         printf("Failed to write start of HTTP request\n");
269         printf("Failed to write hostname in HTTP request\n");
275         printf("Failed to write end of HTTP request\n");
279 On a write we do not expect to see an EOF response so we treat that case in the
286          * Get up to sizeof(buf) bytes of the response. We keep reading until
304          * that it is NUL terminated so we use fwrite() to write the exact
307          * we're going to print it to stdout anyway.
315 The main difference this time is that it is valid for us to receive an EOF
316 response when trying to read data from the server. This will occur when the
328 If our application was initiating the shutdown then we would expect to see
329 L<SSL_shutdown(3)> give a return value of 0, and then we would continue to call
331 the shutdown). In this particular example we don't expect SSL_shutdown() to
334 Since we are using a nonblocking socket we might expect to have to retry this
336 must call L<SSL_get_error(3)> to work out what to do next. We use our
359 must free it. The steps to do this for this example are the same as for the
364 See L<ossl-guide-tls-client-block(7)> to read a tutorial on how to write a
365 blocking TLS client. See L<ossl-guide-quic-client-block(7)> to see how to do the

Last Index update Fri Nov 22 14:03:13 UTC 2024

Dedicated to & Maintained by Room-11