1=pod
2
3=begin comment
4
5NB: Changes to the source code samples in this file should also be reflected in
6demos/guide/quic-client-non-block.c
7
8=end comment
9
10=head1 NAME
11
12ossl-guide-quic-client-non-block
13- OpenSSL Guide: Writing a simple nonblocking QUIC client
14
15=head1 SIMPLE NONBLOCKING QUIC CLIENT EXAMPLE
16
17This page will build on the example developed on the
18L<ossl-guide-quic-client-block(7)> page which demonstrates how to write a simple
19blocking QUIC client. On this page we will amend that demo code so that it
20supports nonblocking functionality.
21
22The complete source code for this example nonblocking QUIC client is available
23in the B<demos/guide> directory of the OpenSSL source distribution in the file
24B<quic-client-non-block.c>. It is also available online at
25L<https://github.com/openssl/openssl/blob/master/demos/guide/quic-client-non-block.c>.
26
27As we saw in the previous example an OpenSSL QUIC application always uses a
28nonblocking socket. However, despite this, the B<SSL> object still has blocking
29behaviour. When the B<SSL> object has blocking behaviour then this means that
30it waits (blocks) until data is available to read if you attempt to read from
31it when there is no data yet. Similarly it waits when writing if the B<SSL>
32object is currently unable to write at the moment. This can simplify the
33development of code because you do not have to worry about what to do in these
34cases. The execution of the code will simply stop until it is able to continue.
35However in many cases you do not want this behaviour. Rather than stopping and
36waiting your application may need to go and do other tasks whilst the B<SSL>
37object is unable to read/write, for example updating a GUI or performing
38operations on some other connection or stream.
39
40We will see later in this tutorial how to change the B<SSL> object so that it
41has nonblocking behaviour. With a nonblocking B<SSL> object, functions such as
42L<SSL_read_ex(3)> or L<SSL_write_ex(3)> will return immediately with a non-fatal
43error if they are currently unable to read or write respectively.
44
45Since this page is building on the example developed on the
46L<ossl-guide-quic-client-block(7)> page we assume that you are familiar with it
47and we only explain how this example differs.
48
49=head2 Performing work while waiting for the socket
50
51In a nonblocking application you will need work to perform in the event that
52we want to read or write to the B<SSL> object but we are currently unable to.
53In fact this is the whole point of using a nonblocking B<SSL> object, i.e. to
54give the application the opportunity to do something else. Whatever it is that
55the application has to do, it must also be prepared to come back and retry the
56operation that it previously attempted periodically to see if it can now
57complete. Ideally it would only do this in the event that something has changed
58such that it might succeed on the retry attempt, but this does not have to be
59the case. It can retry at any time.
60
61Note that it is important that you retry exactly the same operation that you
62tried last time. You cannot start something new. For example if you were
63attempting to write the text "Hello World" and the operation failed because the
64B<SSL> object is currently unable to write, then you cannot then attempt to
65write some other text when you retry the operation.
66
67In this demo application we will create a helper function which simulates doing
68other work. In fact, for the sake of simplicity, it will do nothing except wait
69for the state of the underlying socket to change or until a timeout expires
70after which the state of the B<SSL> object might have changed. We will call our
71function C<wait_for_activity()>.
72
73    static void wait_for_activity(SSL *ssl)
74    {
75        fd_set wfds, rfds;
76        int width, sock, isinfinite;
77        struct timeval tv;
78        struct timeval *tvp = NULL;
79
80        /* Get hold of the underlying file descriptor for the socket */
81        sock = SSL_get_fd(ssl);
82
83        FD_ZERO(&wfds);
84        FD_ZERO(&rfds);
85
86        /*
87         * Find out if we would like to write to the socket, or read from it (or
88         * both)
89         */
90        if (SSL_net_write_desired(ssl))
91            FD_SET(sock, &wfds);
92        if (SSL_net_read_desired(ssl))
93            FD_SET(sock, &rfds);
94        width = sock + 1;
95
96        /*
97         * Find out when OpenSSL would next like to be called, regardless of
98         * whether the state of the underlying socket has changed or not.
99         */
100        if (SSL_get_event_timeout(ssl, &tv, &isinfinite) && !isinfinite)
101            tvp = &tv;
102
103        /*
104         * Wait until the socket is writeable or readable. We use select here
105         * for the sake of simplicity and portability, but you could equally use
106         * poll/epoll or similar functions
107         *
108         * NOTE: For the purposes of this demonstration code this effectively
109         * makes this demo block until it has something more useful to do. In a
110         * real application you probably want to go and do other work here (e.g.
111         * update a GUI, or service other connections).
112         *
113         * Let's say for example that you want to update the progress counter on
114         * a GUI every 100ms. One way to do that would be to use the timeout in
115         * the last parameter to "select" below. If the tvp value is greater
116         * than 100ms then use 100ms instead. Then, when select returns, you
117         * check if it did so because of activity on the file descriptors or
118         * because of the timeout. If the 100ms GUI timeout has expired but the
119         * tvp timeout has not then go and update the GUI and then restart the
120         * "select" (with updated timeouts).
121         */
122
123        select(width, &rfds, &wfds, NULL, tvp);
124}
125
126If you are familiar with how to write nonblocking applications in OpenSSL for
127TLS (see L<ossl-guide-tls-client-non-block(7)>) then you should note that there
128is an important difference here between the way a QUIC application and a TLS
129application works. With a TLS application if we try to read or write something
130to the B<SSL> object and we get a "retry" response (B<SSL_ERROR_WANT_READ> or
131B<SSL_ERROR_WANT_WRITE>) then we can assume that is because OpenSSL attempted to
132read or write to the underlying socket and the socket signalled the "retry".
133With QUIC that is not the case. OpenSSL may signal retry as a result of an
134L<SSL_read_ex(3)> or L<SSL_write_ex(3)> (or similar) call which indicates the
135state of the stream. This is entirely independent of whether the underlying
136socket needs to retry or not.
137
138To determine whether OpenSSL currently wants to read or write to the underlying
139socket for a QUIC application we must call the L<SSL_net_read_desired(3)> and
140L<SSL_net_write_desired(3)> functions.
141
142It is also important with QUIC that we periodically call an I/O function (or
143otherwise call the L<SSL_handle_events(3)> function) to ensure that the QUIC
144connection remains healthy. This is particularly important with a nonblocking
145application because you are likely to leave the B<SSL> object idle for a while
146while the application goes off to do other work. The L<SSL_get_event_timeout(3)>
147function can be used to determine what the deadline is for the next time we need
148to call an I/O function (or call L<SSL_handle_events(3)>).
149
150An alternative to using L<SSL_get_event_timeout(3)> to find the next deadline
151that OpenSSL must be called again by is to use "thread assisted" mode. In
152"thread assisted" mode OpenSSL spawns an additional thread which will
153periodically call L<SSL_handle_events(3)> automatically, meaning that the
154application can leave the connection idle safe in the knowledge that the
155connection will still be maintained in a healthy state. See
156L</Creating the SSL_CTX and SSL objects> below for further details about this.
157
158In this example we are using the C<select> function to check the
159readability/writeability of the socket because it is very simple to use and is
160available on most Operating Systems. However you could use any other similar
161function to do the same thing. C<select> waits for the state of the underlying
162socket(s) to become readable/writeable or until the timeout has expired before
163returning.
164
165=head2 Handling errors from OpenSSL I/O functions
166
167A QUIC application that has been configured for nonblocking behaviour will need
168to be prepared to handle errors returned from OpenSSL I/O functions such as
169L<SSL_read_ex(3)> or L<SSL_write_ex(3)>. Errors may be fatal for the stream (for
170example because the stream has been reset or because the underlying connection
171has failed), or non-fatal (for example because we are trying to read from the
172stream but no data has not yet arrived from the peer for that stream).
173
174L<SSL_read_ex(3)> and L<SSL_write_ex(3)> will return 0 to indicate an error and
175L<SSL_read(3)> and L<SSL_write(3)> will return 0 or a negative value to indicate
176an error. L<SSL_shutdown(3)> will return a negative value to incidate an error.
177
178In the event of an error an application should call L<SSL_get_error(3)> to find
179out what type of error has occurred. If the error is non-fatal and can be
180retried then L<SSL_get_error(3)> will return B<SSL_ERROR_WANT_READ> or
181B<SSL_ERROR_WANT_WRITE> depending on whether OpenSSL wanted to read to or write
182from the stream but was unable to. Note that a call to L<SSL_read_ex(3)> or
183L<SSL_read(3)> can still generate B<SSL_ERROR_WANT_WRITE>. Similarly calls to
184L<SSL_write_ex(3)> or L<SSL_write(3)> might generate B<SSL_ERROR_WANT_READ>.
185
186Another type of non-fatal error that may occur is B<SSL_ERROR_ZERO_RETURN>. This
187indicates an EOF (End-Of-File) which can occur if you attempt to read data from
188an B<SSL> object but the peer has indicated that it will not send any more data
189on the stream. In this case you may still want to write data to the stream but
190you will not receive any more data.
191
192Fatal errors that may occur are B<SSL_ERROR_SYSCALL> and B<SSL_ERROR_SSL>. These
193indicate that the stream is no longer usable. For example, this could be because
194the stream has been reset by the peer, or because the underlying connection has
195failed. You can consult the OpenSSL error stack for further details (for example
196by calling L<ERR_print_errors(3)> to print out details of errors that have
197occurred). You can also consult the return value of
198L<SSL_get_stream_read_state(3)> to determine whether the error is local to the
199stream, or whether the underlying connection has also failed. A return value
200of B<SSL_STREAM_STATE_RESET_REMOTE> tells you that the stream has been reset by
201the peer and B<SSL_STREAM_STATE_CONN_CLOSED> tells you that the underlying
202connection has closed.
203
204In our demo application we will write a function to handle these errors from
205OpenSSL I/O functions:
206
207    static int handle_io_failure(SSL *ssl, int res)
208    {
209        switch (SSL_get_error(ssl, res)) {
210        case SSL_ERROR_WANT_READ:
211        case SSL_ERROR_WANT_WRITE:
212            /* Temporary failure. Wait until we can read/write and try again */
213            wait_for_activity(ssl);
214            return 1;
215
216        case SSL_ERROR_ZERO_RETURN:
217            /* EOF */
218            return 0;
219
220        case SSL_ERROR_SYSCALL:
221            return -1;
222
223        case SSL_ERROR_SSL:
224            /*
225             * Some stream fatal error occurred. This could be because of a
226             * stream reset - or some failure occurred on the underlying
227             * connection.
228             */
229            switch (SSL_get_stream_read_state(ssl)) {
230            case SSL_STREAM_STATE_RESET_REMOTE:
231                printf("Stream reset occurred\n");
232                /*
233                 * The stream has been reset but the connection is still
234                 * healthy.
235                 */
236                break;
237
238            case SSL_STREAM_STATE_CONN_CLOSED:
239                printf("Connection closed\n");
240                /* Connection is already closed. */
241                break;
242
243            default:
244                printf("Unknown stream failure\n");
245                break;
246            }
247            /*
248             * If the failure is due to a verification error we can get more
249             * information about it from SSL_get_verify_result().
250             */
251            if (SSL_get_verify_result(ssl) != X509_V_OK)
252                printf("Verify error: %s\n",
253                    X509_verify_cert_error_string(SSL_get_verify_result(ssl)));
254            return -1;
255
256        default:
257            return -1;
258        }
259    }
260
261This function takes as arguments the B<SSL> object that represents the
262connection, as well as the return code from the I/O function that failed. In
263the event of a non-fatal failure, it waits until a retry of the I/O operation
264might succeed (by using the C<wait_for_activity()> function that we developed
265in the previous section). It returns 1 in the event of a non-fatal error
266(except EOF), 0 in the event of EOF, or -1 if a fatal error occurred.
267
268=head2 Creating the SSL_CTX and SSL objects
269
270In order to connect to a server we must create B<SSL_CTX> and B<SSL> objects for
271this. Most of the steps to do this are the same as for a blocking client and are
272explained on the L<ossl-guide-quic-client-block(7)> page. We won't repeat that
273information here.
274
275One key difference is that we must put the B<SSL> object into nonblocking mode
276(the default is blocking mode). To do that we use the
277L<SSL_set_blocking_mode(3)> function:
278
279    /*
280     * The underlying socket is always nonblocking with QUIC, but the default
281     * behaviour of the SSL object is still to block. We set it for nonblocking
282     * mode in this demo.
283     */
284    if (!SSL_set_blocking_mode(ssl, 0)) {
285        printf("Failed to turn off blocking mode\n");
286        goto end;
287    }
288
289Although the demo application that we are developing here does not use it, it is
290possible to use "thread assisted mode" when developing QUIC applications.
291Normally, when writing an OpenSSL QUIC application, it is important that
292L<SSL_handle_events(3)> (or alternatively any I/O function) is called on the
293connection B<SSL> object periodically to maintain the connection in a healthy
294state. See L</Performing work while waiting for the socket> for more discussion
295on this. This is particularly important to keep in mind when writing a
296nonblocking QUIC application because it is common to leave the B<SSL> connection
297object idle for some time when using nonblocking mode. By using "thread assisted
298mode" a separate thread is created by OpenSSL to do this automatically which
299means that the application developer does not need to handle this aspect. To do
300this we must use L<OSSL_QUIC_client_thread_method(3)> when we construct the
301B<SSL_CTX> as shown below:
302
303    ctx = SSL_CTX_new(OSSL_QUIC_client_thread_method());
304    if (ctx == NULL) {
305        printf("Failed to create the SSL_CTX\n");
306        goto end;
307    }
308
309=head2 Performing the handshake
310
311As in the demo for a blocking QUIC client we use the L<SSL_connect(3)> function
312to perform the handshake with the server. Since we are using a nonblocking
313B<SSL> object it is very likely that calls to this function will fail with a
314non-fatal error while we are waiting for the server to respond to our handshake
315messages. In such a case we must retry the same L<SSL_connect(3)> call at a
316later time. In this demo we do this in a loop:
317
318    /* Do the handshake with the server */
319    while ((ret = SSL_connect(ssl)) != 1) {
320        if (handle_io_failure(ssl, ret) == 1)
321            continue; /* Retry */
322        printf("Failed to connect to server\n");
323        goto end; /* Cannot retry: error */
324    }
325
326We continually call L<SSL_connect(3)> until it gives us a success response.
327Otherwise we use the C<handle_io_failure()> function that we created earlier to
328work out what we should do next. Note that we do not expect an EOF to occur at
329this stage, so such a response is treated in the same way as a fatal error.
330
331=head2 Sending and receiving data
332
333As with the blocking QUIC client demo we use the L<SSL_write_ex(3)> function to
334send data to the server. As with L<SSL_connect(3)> above, because we are using
335a nonblocking B<SSL> object, this call could fail with a non-fatal error. In
336that case we should retry exactly the same L<SSL_write_ex(3)> call again. Note
337that the parameters must be I<exactly> the same, i.e. the same pointer to the
338buffer to write with the same length. You must not attempt to send different
339data on a retry. An optional mode does exist
340(B<SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER>) which will configure OpenSSL to allow
341the buffer being written to change from one retry to the next. However, in this
342case, you must still retry exactly the same data - even though the buffer that
343contains that data may change location. See L<SSL_CTX_set_mode(3)> for further
344details. As in the TLS tutorials (L<ossl-guide-tls-client-block(7)>) we write
345the request in three chunks.
346
347    /* Write an HTTP GET request to the peer */
348    while (!SSL_write_ex(ssl, request_start, strlen(request_start), &written)) {
349        if (handle_io_failure(ssl, 0) == 1)
350            continue; /* Retry */
351        printf("Failed to write start of HTTP request\n");
352        goto end; /* Cannot retry: error */
353    }
354    while (!SSL_write_ex(ssl, hostname, strlen(hostname), &written)) {
355        if (handle_io_failure(ssl, 0) == 1)
356            continue; /* Retry */
357        printf("Failed to write hostname in HTTP request\n");
358        goto end; /* Cannot retry: error */
359    }
360    while (!SSL_write_ex(ssl, request_end, strlen(request_end), &written)) {
361        if (handle_io_failure(ssl, 0) == 1)
362            continue; /* Retry */
363        printf("Failed to write end of HTTP request\n");
364        goto end; /* Cannot retry: error */
365    }
366
367On a write we do not expect to see an EOF response so we treat that case in the
368same way as a fatal error.
369
370Reading a response back from the server is similar:
371
372    do {
373        /*
374         * Get up to sizeof(buf) bytes of the response. We keep reading until
375         * the server closes the connection.
376         */
377        while (!eof && !SSL_read_ex(ssl, buf, sizeof(buf), &readbytes)) {
378            switch (handle_io_failure(ssl, 0)) {
379            case 1:
380                continue; /* Retry */
381            case 0:
382                eof = 1;
383                continue;
384            case -1:
385            default:
386                printf("Failed reading remaining data\n");
387                goto end; /* Cannot retry: error */
388            }
389        }
390        /*
391         * OpenSSL does not guarantee that the returned data is a string or
392         * that it is NUL terminated so we use fwrite() to write the exact
393         * number of bytes that we read. The data could be non-printable or
394         * have NUL characters in the middle of it. For this simple example
395         * we're going to print it to stdout anyway.
396         */
397        if (!eof)
398            fwrite(buf, 1, readbytes, stdout);
399    } while (!eof);
400    /* In case the response didn't finish with a newline we add one now */
401    printf("\n");
402
403The main difference this time is that it is valid for us to receive an EOF
404response when trying to read data from the server. This will occur when the
405server closes down the connection after sending all the data in its response.
406
407In this demo we just print out all the data we've received back in the response
408from the server. We continue going around the loop until we either encounter a
409fatal error, or we receive an EOF (indicating a graceful finish).
410
411=head2 Shutting down the connection
412
413As in the QUIC blocking example we must shutdown the connection when we are
414finished with it.
415
416Even though we have received EOF on the stream that we were reading from above,
417this tell us nothing about the state of the underlying connection. Our demo
418application will initiate the connection shutdown process via
419L<SSL_shutdown(3)>.
420
421Since our application is initiating the shutdown then we might expect to see
422L<SSL_shutdown(3)> give a return value of 0, and then we should continue to call
423it until we receive a return value of 1 (meaning we have successfully completed
424the shutdown). Since we are using a nonblocking B<SSL> object we might expect to
425have to retry this operation several times. If L<SSL_shutdown(3)> returns a
426negative result then we must call L<SSL_get_error(3)> to work out what to do
427next. We use our handle_io_failure() function that we developed earlier for
428this:
429
430    /*
431     * Repeatedly call SSL_shutdown() until the connection is fully
432     * closed.
433     */
434    while ((ret = SSL_shutdown(ssl)) != 1) {
435        if (ret < 0 && handle_io_failure(ssl, ret) == 1)
436            continue; /* Retry */
437    }
438
439=head2 Final clean up
440
441As with the blocking QUIC client example, once our connection is finished with
442we must free it. The steps to do this for this example are the same as for the
443blocking example, so we won't repeat it here.
444
445=head1 FURTHER READING
446
447See L<ossl-guide-quic-client-block(7)> to read a tutorial on how to write a
448blocking QUIC client. See L<ossl-guide-quic-multi-stream(7)> to see how to write
449a multi-stream QUIC client.
450
451=head1 SEE ALSO
452
453L<ossl-guide-introduction(7)>, L<ossl-guide-libraries-introduction(7)>,
454L<ossl-guide-libssl-introduction(7)>, L<ossl-guide-quic-introduction(7)>,
455L<ossl-guide-quic-client-block(7)>, L<ossl-guide-quic-multi-stream(7)>
456
457=head1 COPYRIGHT
458
459Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
460
461Licensed under the Apache License 2.0 (the "License").  You may not use
462this file except in compliance with the License.  You can obtain a copy
463in the file LICENSE in the source distribution or at
464L<https://www.openssl.org/source/license.html>.
465
466=cut
467