问题
I am confused about the difference between the BIO routines BIO_read()
/BIO_write()
and the SSL_read()
/SSL_write()
when the BIOs are memory BIOs and not socket BIOs.
I am trying to code a WebRTC server using libnice
for the ICE stack and OpenSSL for the DTLS stack. The ICE stack has the socket connection to the client so I cannot use the socket-based BIOs in OpenSSL. Instead, I am using the memory BIOs.
So the high level procedure I am using is that, when I receive the DTLS messages from the client on the ICE socket, I write that message to the DTLS stack using BIO_write()
. Then when the DTLS stack has a message to send to the client I get that message using the BIO_read()
and send it to the client using the ICE socket.
I have seen some examples of source code that does essentially this procedure, but they also call the SSL_read()
routine after the BIO_write()
call. This makes no sense to me. Why is the call to SSL_read()
necessary after I essentially have written the client message into the DTLS stack using the BIO_write()
call? If I do not call SSL_read()
after the BIO_write()
my code does not work. But when I call SSL_read()
after the BIO_write()
, this is indeed exchanging the handshake messages with the browser client.
Question: Using memory BIOs, what is the difference between BIO_read()
and SSL_read()
?
Question: Using memory BIOs, what is the difference between BIO_write()
and SSL_write()
?
Question: Is the default memory BIO blocking or non-blocking? I am assuming it is non-blocking since it is a memory-based BIO and not a socket-base BIO.
Thanks,
-Andres
回答1:
I stumbled upon the same problem with understanding how the whole thing works. I can provide you with some useful links and cites.
"The SSL layer is setup to work in buffer mode. So doing SSL_write means we're sending unencrypted bytes to the SSL library, so that it can encrypt these bytes and put the resulting encrypted bytes in a buffer. Then we read from the buffer using BIO_read. Same thing in reverse for reading. We ACTUALLY do BIO_write then SSL_read in that case."
Source: https://groups.google.com/forum/#!topic/grpc-io/8Ulf_G5kpyA
OpenSSL data handling - check this part from link below. It might give you some useful information. https://famellee.wordpress.com/2013/02/20/use-openssl-with-io-completion-port-and-certificate-signing/
BIOs - check this part from link below. It might give you some useful information. http://www.roxlu.com/2014/042/using-openssl-with-memory-bios
来源:https://stackoverflow.com/questions/38516584/what-is-the-difference-between-bio-read-bio-write-and-ssl-read-ssl-write-when-th