Is there any way to flush the SSL write buffer

Question

I have written one SSL client using OpenSSL APIs to interact with one SSL server. In OpenSSL site I learned that write buffer needs to be flushed after writing some data. I am using SSL_Write and SSL_Read in my client program. As OpenSSL site suggested I tried to flush the data using BIO_flush(BIO* ), I am getting crash here.

I am using the SSL libraries got from this site

Here I am not clear about whether BIO_flush flashes the read buffer or write buffer..:-( So I just wanted to know is there any other ways to flush the SSL write buffer...?

Here is the details about my client program.

1. Creating SSL object(mSsl) using SSL_new
2. Creating a TCP socket and making connection with server
3. Creating BIO object(mBio) using BIO_new_socket(socket_id,BIO_NOCLOSE)
4. Setting the BIO object to SSL object using SSL_set_bio(mSsl,mBio,mBio);
5. Setting the socket to SSL object using SSL_set_fd(mSsl,socket_id);
6. Making SSL connection with server using SSL_Connect(mSsl);

After the above steps I am starting two separate threads for write and read. Write thread uses SSL_write to write the data to server and Read thread uses SSL_Read to read the data from the server.

In Write thread after writing each packet using SSL_Write I am calling BIO_flush(mBio).

In whole program I am directly using mBio object only in this place for doing bio buffer flush.

When I do start sending the some packets, program in crashing in BIO_flush... As per the dump says its in BIO_ctrl function. I am not getting anything more than that.

Did any one used the library which I have provided link above and facing the same problem.. ? If yes please let me know if you know the solution.

Is there any thread synchronization rules to use BIO_flush()...? I mean call to BIO_flush SSL_Read should not happen at the same time like that... ?

Answer 1

Where did you learn that the write buffer would need to be flushed after a write?

I was also looking for a flush function, but could not find one.

I think it works like this: Every call to SSL_write produces at least one SSL record and emits that out to the socket, where the nagle algorithm might buffer it in the kernel for a moment and quickly submits it to the outside.

So there is no buffering in SSL_write and therefore no flush!

I'd rather have a flush function and fill all SSL records to the brim, but that's not available as far as I see. I now plan to do my own buffering and to do as large calls to SSL_write as possible.

BTW: I just wrote a little test program: It sends a buffer with one write and then I ran it again, calling SSL_write for each character. Both times I run tcpdump and in Wireshark I could see that the first run had few large application data records and the second run had many small records. So I think it's confirmed.

Answer 2

BIO_flush is used to flush write data.

Your mix and match of BIO_flush and SSL_read/write is problematic because the BIO structure is not aware of your SSL_read/write calls.

You'll get much better results from using BIO_read/write.

If you absolutely need to be using SSL_read/write you should avoid using BIOs.

I think you'll get much farther with the example at the end of this OpenSSL documentation.

Simple OpenSSL Client Example

If you're still getting crashes when trying that example, you might be having issues with the particular library build you are using.