Please report new issues athttps://github.com/DOCGroup
The non-blocking I/O in the ACE SSL wrappers needs to be verified. Previously it was not working at all but I recently made some changes/updates that may improve or correct the problem. However, support for certificates was also added so we may need to add certificate related calls to the tests/examples to be able to get them to run.
Made summary more explicit.
So much for reducing the size of my bug list.
The problem wasn't corrected by the changes, however a new set of updates I'll be committing soon may actually correct the problem.
To truly correct non-blocking I/O support in ACE's SSL wrappers (specifically ACE_SSL_SOCK_Stream), we need to put the SSL_read() call in a do-while loop, for example, that continues to loop until SSL_pending returns false, i.e.: do { result = SSL_read (...); } while (SSL_pending (this->ssl_); Only then should we return to the event demultiplexing loop (e.g. select() loop, reactor event loop, etc.). This is necessary since SSL is a record-based protocol, not a stream-based protocol. The entire record must be read before returning. For example, if we're reading 23 bytes via the SSL_read() call, then we cannot stop until the full record(s) is read from the stream. Even if the record(s) size surpasses the 23 bytes, 23 bytes will still be placed into the supplied buffer. Note that this does not apply to non-blocking SSL writes. Full records are always written to the stream. It is non-blocking SSL reads that must be addressed.
Bala is starting to merge non-blocking I/O support into TAO (a good thing to do!). However, this may break TAO's SSLIOP pluggable protocol since ACE's SSL wrappers don't fully support non-blocking I/O yet. I bumped up the priority and severity of this bug due this reason. It should be fixed before ACE 5.1.13 becomes publically available.
This bug doesn't really depend on bug 132 but they are related.
We may need to apply the SSL_pending() "do-while" loop to the other OpenSSL I/O calls, such as SSL_shutdown(), SSL_connect() and SSL_accept().
Fixed. All OpenSSL IO calls have been wrapped by a do-while (SSL_pending()) loop. This should finally take care of the non-blocking IO issues in the ACE SSL wrappers, at least the major ones. I'm still not too sure about SSL_connects(), but things should at least be noticeably better now. Tue Mar 20 01:33:24 2001 Ossama Othman <ossama@uci.edu> * ace/SSL/SSL_SOCK_Acceptor.cpp (ssl_accept): * ace/SSL/SSL_SOCK_Connector.cpp (ssl_connect): * ace/SSL/SSL_SOCK_Stream.i (send, close): Wrap the underlying OpenSSL calls in a do-while(SSL_pending()) loop. I decided to wrap the SSL_write() calls just in case. This should fix the last of the non-blocking IO issues in ACE's SSL wrappers. [Bug 393] Tue Mar 20 00:40:43 2001 Ossama Othman <ossama@uci.edu> * ace/SSL/SSL_SOCK_Stream.i (recv): Fixed non-blocking IO support for this method. It was necessary to ensure that a full SSL record was read before returning control to the caller. Note that the send() method doesn't need modification since OpenSSL always writes a full record before returning. [Bug 393]