Original: http://marc.info/?l=openssl-users&m=99909952822335&w=2
Material on this topic seems to be very scarce; this is one of the more useful resources I could find.
List:       openssl-users
Subject:    RE: OpenSSL and Winsock IO Completion Ports
From:       "Dale Peakall" <dale.peakall () bit-arts ! com>
Date:       2001-08-29 15:36:59

> I am a bit new to OpenSSL, and I am a C++ Programmer.
> I'm trying to develop a server that will use the OpenSSL library, under
> the mechanism of Winsock's I/O Completion Ports (IOCP).
> Would someone please tell me how is it possible?

The normal solution is to make use of the SSL library's BIO mechanism. A BIO represents an I/O stream and all data read/written by the SSL library uses a BIO. When you call SSL_set_fd(), the SSL library internally creates a pair of BIO's that know how to read and write from a socket.

You can make the SSL library read/write from a different type of BIO by using the SSL_set_bio() function. The type of BIO you want to use is created by calling BIO_new_bio_pair().

BIO_new_bio_pair() returns a pair of BIO's that are linked. One of the BIO's (generally called the 'internal' BIO) is used for reading/writing unencrypted data, the other (generally called the 'network' BIO) is used for reading/writing encrypted data. The BIO's are linked so that data written to the internal BIO appears encrypted on the network BIO and data written to the network BIO appears unencrypted on the internal BIO.

A good place to look for example code is Lutz Jaenicke's Postfix/TLS toolkit.

http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/

> I mean, the OpenSSL's read() and write() methods are only for plain send and receive. Moreover,
> to use the IOCP mechanism I need to use Overlapped IO, so how can I do this combining OpenSSL?
> If there's an example I would like to have it.

There's a lot of work involved in this, you basically need to have a pool of threads that wait on GetQueuedCompletionStatus(). When data is received they need to write it onto the network BIO. If the data is part of the SSL/TLS handshake (you can tell by calling SSL_in_init()) you need to call SSL_accept() or SSL_connect() depending on whether you're a client or a server. Otherwise, you need to call your application level handlers that try to read the data from the internal BIO and do whatever is appropriate.

Having done this, you need to determine whether there's data to be written (you can tell by calling BIO_ctrl_pending() on the network BIO) and post an OVERLAPPED write request. Don't forget to post another OVERLAPPED read request and off you go.

In addition, if you're acting as a server you'll need to handle accepting new connections (with WSAAsyncAccept()) etc.

It all gets pretty complex, pretty quick, but it is manageable. It took me about three months development to write a basic server that does everything without leaking, crashing or running into a loop (that's without application code - apart from the message dispatcher).

> Another thing: I would like to know how to properly build and configure a
> certificate into the SSL Program.

You can create the appropriate C structures from a certificate using the openssl x509 -C -noout -in <file> command (or something like that - the -C flag is the important one).

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org
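
Added example, not part of the original message or of OpenSSL's own code: the loop the reply describes (feed received bytes to the network side, run the handshake or the application read, then check for pending output to send), with two in-memory endpoints standing in for completed overlapped reads and writes. It uses Python's `ssl.MemoryBIO` and `SSLObject`, which wrap OpenSSL memory BIOs, rather than `BIO_new_bio_pair()`; the `Endpoint` class, `on_receive`, `run_demo`, and the anonymous cipher suite that avoids certificate files are assumptions of this example.

```python
import ssl

class Endpoint:
    """One TLS connection driven purely through memory BIOs (no socket)."""

    def __init__(self, server_side):
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER if server_side
                             else ssl.PROTOCOL_TLS_CLIENT)
        if not server_side:
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        # ASSUMPTION, demo only: an unauthenticated anonymous-ECDH TLS 1.2 suite so
        # the example needs no certificate files. A real server loads a certificate.
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
        ctx.set_ciphers("AECDH-AES128-SHA:@SECLEVEL=0")
        self.incoming = ssl.MemoryBIO()   # ciphertext received from the peer
        self.outgoing = ssl.MemoryBIO()   # ciphertext waiting to be sent
        self.tls = ctx.wrap_bio(self.incoming, self.outgoing, server_side=server_side)
        self.handshaking = True           # what SSL_in_init() reports in the C API

    def on_receive(self, data):
        """Body of a read-completion handler; returns (plaintext, bytes_to_send)."""
        if data:
            self.incoming.write(data)     # received bytes go onto the network side
        plaintext = b""
        try:
            if self.handshaking:
                self.tls.do_handshake()   # SSL_accept()/SSL_connect() equivalent
                self.handshaking = False
            plaintext = self.tls.read(4096)   # application-level read
        except ssl.SSLWantReadError:
            pass                          # TLS needs more bytes from the peer first
        # BIO_ctrl_pending() equivalent: anything here must go into a write request.
        to_send = self.outgoing.read() if self.outgoing.pending else b""
        return plaintext, to_send

def run_demo(message=b"constructed request"):
    """Shuttle bytes between two endpoints in place of completed overlapped I/O."""
    client, server = Endpoint(False), Endpoint(True)
    _, wire = client.on_receive(b"")      # client opens with its ClientHello
    for _ in range(10):                   # bounded: a handshake needs only a few flights
        if not (client.handshaking or server.handshaking):
            break
        _, wire = server.on_receive(wire)
        _, wire = client.on_receive(wire)
    client.tls.write(message)             # plaintext in ...
    wire = client.outgoing.read()         # ... ciphertext out
    plaintext, _ = server.on_receive(wire)
    return plaintext, wire
```

In an IOCP server each `on_receive` call would run on a worker thread after `GetQueuedCompletionStatus()` returns, and `bytes_to_send` would be handed to an overlapped write.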
2011.06.14
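In fact, their group does have a lot of related material. However, it seems that getting a reply when you ask a question there is always rather difficult!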