SSL_set_bio uses two OpenSSL BIOs: the input BIO (rbio) and the output BIO (wbio). The first one is used when OpenSSL needs to get dat
Usually SSL/TLS uses one TCP socket for the link. In that case you can use the following function for setting fd to ssl:
SSL_set_fd(ssl, tcp_socket_fd);
But, there can be use cases where 2 unidirectional file descriptors are used instead of one TCP socket.
For example, if you want to implement a TLS server as a child of tcpd. Then your server's file descriptors for TCP traffic are:
In that case SSL_set_fd() can not be used, and you can play with two BIOs:
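// not tested
// BIO_NOCLOSE (0): freeing the BIO leaves the underlying descriptor open
BIO* in = BIO_new_fd(STDIN_FILENO, BIO_NOCLOSE);
BIO* out = BIO_new_fd(STDOUT_FILENO, BIO_NOCLOSE);
// ssl takes ownership of both BIOs; SSL_free() releases them
SSL_set_bio(ssl, in, out);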
Maybe it is better to use SSL_set_rfd() and SSL_set_wfd(). But that was just an example.
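The split between the read BIO and the write BIO can be observed with Python's standard `ssl` module, whose `SSLContext.wrap_bio(incoming, outgoing)` attaches separate input and output BIOs to one TLS object. This is an added example, not code from the original post; it uses Python instead of C so it runs without an OpenSSL build setup, and the host name `example.test` and the sample replies are constructed.

```python
import ssl

def start_client_handshake(server_name="example.test"):
    """Begin a TLS client handshake over two memory BIOs (no socket involved)."""
    ctx = ssl.create_default_context()
    rbio = ssl.MemoryBIO()  # input BIO: OpenSSL takes the peer's bytes from here
    wbio = ssl.MemoryBIO()  # output BIO: OpenSSL puts bytes to send here
    tls = ctx.wrap_bio(rbio, wbio, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # ClientHello is now in wbio; OpenSSL is waiting for data in rbio
    return tls, rbio, wbio

def first_flight():
    """Return the bytes queued in the output BIO and the input BIO's byte count."""
    _tls, rbio, wbio = start_client_handshake()
    return wbio.read(), rbio.pending

def feed_reply(reply):
    """Write the peer's bytes into the input BIO and continue the handshake."""
    tls, rbio, wbio = start_client_handshake()
    wbio.read()        # the application would send these bytes to the peer
    rbio.write(reply)  # bytes received from the peer go into the input BIO
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        return "want_read"  # input BIO drained, a full record is still missing
    except ssl.SSLError:
        return "rejected"   # the input was not a valid TLS record
    return "done"

if __name__ == "__main__":
    hello, unread = first_flight()
    print("output BIO holds", len(hello), "bytes, record type", hex(hello[0]))
    print("input BIO holds", unread, "bytes")
    print("partial record header:", feed_reply(b"\x16\x03\x03"))
    print("plaintext reply:", feed_reply(b"HTTP/1.1 400 Bad Request\r\n\r\n"))
```

The application is responsible for moving bytes between the two BIOs and the real transport, which is the job the two fd BIOs do for stdin and stdout in the snippet above.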