
I want to add SSL support to an old chat application I wrote years ago. I did a lot of reading on OpenSSL and LibreSSL and I decided to try the new libtls API. I think the developers did a really great job on this one. I found it to be very easy to use - almost no changes to my existing code were required. But here is one thing I need to figure out now:

Back in the day, I was using select() to monitor sockets and recv() to read data. This was easy, because both of those functions work on file descriptors.

Now, with libtls, the tls_read() function requires a tls context as its first argument. This means I need to search the list of clients to get the appropriate tls context every time I have a descriptor ready to be read. This is not that hard, but maybe someone knows a better solution? I will appreciate all comments and code samples.

Benjamin Pollack
  • Please share some code and a clear question. http://stackoverflow.com/help/how-to-ask – bibi Feb 13 '16 at 16:41

1 Answer


Unless I'm misreading the documentation, it seems to me that if you create the sockets yourself, and then use tls_connect_fds/tls_connect_socket/tls_accept_fds/tls_accept_socket afterwards, you'll have normal file handles available that you can trivially use with select()/poll()/etc. You'd still need to keep around some sort of file descriptor to context mapping to actually issue the tls_read/tls_write once you were ready, but that's just your choice of linked list or hashtable, depending on what language you're using and what stdlib you have available.

Benjamin Pollack
  • Can you cite the documentation stating this? I'm skeptical because every SSL/TLS implementation I've worked with has a way to check if there are decoded bytes that are being buffered by the TLS layer, no longer reported by poll() or select(). These can be checked for with SSL_pending (OpenSSL), gnutls_record_check_pending (GNU TLS), SSLGetBufferedReadSize (OSX Secure Transport). mbedTLS doesn't provide a friendly way to check; a workaround is to try reading a byte, then stash it until the next read. – Perette Sep 13 '17 at 17:47
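Putting the answer's suggestion and the comment's caveat together, as an added example in C that is not code from the question, the answer, or the libtls project: since select() can only watch descriptors below FD_SETSIZE, a flat array indexed by fd replaces the list search with an O(1) lookup, and the read path keeps calling tls_read() until it returns TLS_WANT_POLLIN, so plaintext still buffered inside the TLS layer is never stranded. Everything under `#ifndef USE_LIBTLS` is a constructed stand-in for `struct tls`/`tls_read()` (it only imitates the return-value contract, with the real `TLS_WANT_POLLIN`/`TLS_WANT_POLLOUT` values of -2 and -3) so the logic can be run offline; build with `-DUSE_LIBTLS -ltls` to use real libtls instead. The fd number 5 and the 700-byte payload are made up for the demonstration.

```c
/* Added example: O(1) fd -> libtls context table for a select() loop, plus a
 * drain loop that reads until the TLS layer asks for more socket data.
 * Real libtls: cc -DUSE_LIBTLS example.c -ltls. Without that flag a
 * constructed stand-in for struct tls / tls_read() is compiled instead. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>    /* ssize_t */
#include <sys/select.h>   /* FD_SETSIZE */

#ifdef USE_LIBTLS
#include <tls.h>
#else
/* Stand-in mimicking only the tls_read() contract: hands out decrypted bytes
 * it already holds, returns TLS_WANT_POLLIN once empty (libtls returns that
 * when it needs more ciphertext from the socket). Values match tls.h. */
#define TLS_WANT_POLLIN  (-2)
#define TLS_WANT_POLLOUT (-3)
struct tls {
    const char *pending;  /* decrypted bytes the TLS layer already buffered */
    size_t npending;
};
static ssize_t tls_read(struct tls *ctx, void *buf, size_t buflen)
{
    if (ctx->npending == 0)
        return TLS_WANT_POLLIN;
    size_t n = ctx->npending < buflen ? ctx->npending : buflen;
    memcpy(buf, ctx->pending, n);
    ctx->pending += n;
    ctx->npending -= n;
    return (ssize_t)n;
}
#endif

/* select() cannot watch descriptors >= FD_SETSIZE, so an array indexed by fd
 * is a complete O(1) map: no list walk, no hash table. */
static struct tls *ctx_by_fd[FD_SETSIZE];

int register_client(int fd, struct tls *ctx)
{
    if (fd < 0 || fd >= FD_SETSIZE || ctx == NULL || ctx_by_fd[fd] != NULL)
        return -1;                    /* out of range or fd already in use */
    ctx_by_fd[fd] = ctx;
    return 0;
}

struct tls *lookup_ctx(int fd)
{
    return (fd < 0 || fd >= FD_SETSIZE) ? NULL : ctx_by_fd[fd];
}

void unregister_client(int fd)
{
    if (fd >= 0 && fd < FD_SETSIZE)
        ctx_by_fd[fd] = NULL;         /* do this before close(): fd numbers are reused */
}

/* Called when select() reports fd readable. Loop until tls_read() wants the
 * socket again: one readable event may carry several records, and plaintext
 * left inside the TLS layer would never wake select() again. Returns bytes
 * handed to on_data, -1 on error/unknown fd; *closed is set on peer EOF. */
ssize_t drain_readable(int fd, void (*on_data)(int, const char *, size_t),
                       int *closed)
{
    struct tls *ctx = lookup_ctx(fd);
    char buf[256];
    ssize_t total = 0;

    if (closed != NULL)
        *closed = 0;
    if (ctx == NULL)
        return -1;
    for (;;) {
        ssize_t n = tls_read(ctx, buf, sizeof buf);
        if (n == TLS_WANT_POLLIN || n == TLS_WANT_POLLOUT)
            return total;   /* back to select(); on WANT_POLLOUT wait for writable, then retry */
        if (n < 0)
            return -1;      /* real error; with libtls, tls_error(ctx) describes it */
        if (n == 0) {       /* peer closed: caller unregisters and closes the fd */
            if (closed != NULL)
                *closed = 1;
            return total;
        }
        on_data(fd, buf, (size_t)n);
        total += n;
    }
}

#ifndef USE_LIBTLS
static size_t demo_bytes;
static void demo_sink(int fd, const char *data, size_t n)
{
    (void)fd; (void)data;
    demo_bytes += n;
}

/* Offline check: 700 decrypted bytes already sit inside the context (more than
 * one 256-byte read) and the socket will not become readable again. Returns
 * the byte count the drain loop delivered; 700 means nothing was stranded. */
size_t demo_drain(void)
{
    static char payload[700];
    struct tls ctx = { payload, sizeof payload };   /* constructed sample data */
    int closed = 1;
    ssize_t got;

    memset(payload, 'x', sizeof payload);
    demo_bytes = 0;
    if (register_client(5, &ctx) != 0)
        return 0;
    got = drain_readable(5, demo_sink, &closed);
    unregister_client(5);
    if (got != 700 || closed || lookup_ctx(5) != NULL)
        return 0;
    return demo_bytes;
}
#endif

int main(void)
{
#ifndef USE_LIBTLS
    printf("drain loop delivered %zu bytes\n", demo_drain());
#endif
    return 0;
}
```

With real libtls the same loop applies after tls_accept_socket()/tls_connect_socket(): register the returned context under the socket's fd, call drain_readable() whenever select() flags that fd, and on TLS_WANT_POLLOUT add the fd to the write set and retry tls_read() with the same arguments once it is writable. Unregister before close() so a reused descriptor number can never be looked up against a stale context.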