Home/ Questions/Q 7498597
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-29T19:31:36+00:00

I am trying to use OpenSSL in my application, and achieve a secure connection.

  • 0

I am trying to use OpenSSL in my application, and achieve a secure connection.

At first I tried:

  1. create ssl struct
  2. create socketbio for the tcp socket
  3. create a sslbio
  4. set socketbio to SSL strcut
  5. SSL_accept(ssl)
  6. BIO_push(ssl, socketbio)

This cause handshake to happen successfully, but application data wasn’t properly decrypted.

Then I tweaked a little, and relaced 6 with

(new) BIO_ctrl(sslbio, SET_SSL, ssl)

and things worked fine.

I Wanted to know, what’s wrong with previous approach, and what’s causing the new apprach work?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It’s hard to answer the question without knowing why you think BIO_push is all you need to do. At any rate, you shouldn’t call BIO_ctrl directly. You should use the high-level wrapper BIO_set_ssl defined in bio.h:

    #define BIO_set_ssl(b,ssl,c)    BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)

    This macro sets the ssl member of the BIO object as you can see in bio_ssl.c: 

        case BIO_C_SET_SSL:
            if (ssl != NULL)
                    ssl_free(b);
            b->shutdown=(int)num;
            ssl=(SSL *)ptr;
            ((BIO_SSL *)b->ptr)->ssl=ssl;
            bio=SSL_get_rbio(ssl);
            if (bio != NULL)
                    {
                    if (b->next_bio != NULL)
                            BIO_push(bio,b->next_bio);
                    b->next_bio=bio;
                    CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO);
                    }
            b->init=1;
            break;

    The important step in this function is not the BIO_push, but rather is where it sets the ssl pointer in the BIO_SSL object to your active SSL context, i.e., ((BIO_SSL *)b->ptr)->ssl=ssl;.

    • 0