When using OpenSSL with non blocking sockets its convenient to use the transparent negotiation

Question

0

Asked: May 17, 20262026-05-17T14:52:26+00:00 2026-05-17T14:52:26+00:00

When using OpenSSL with non blocking sockets its convenient to use the transparent negotiation

0

When using OpenSSL with non blocking sockets its convenient to use the transparent negotiation mode where the negotiation is initiated by calling SSL_write on a not-yet-securely-connected SSL context, and then handling the resulting error (usually SSL_WANT_READ) to read a handshake packet from the output BIO and send it over the transport.

However, without the explicit (blocking) call to SSL_do_handshake its not clear to me when to try to validate the certificate.

Do I just have to do a certificate check as soon as SSL_write returns success for the first time? Or is there a better signal?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-17T14:52:26+00:00

Editorial Team

2026-05-17T14:52:26+00:00Added an answer on May 17, 2026 at 2:52 pm

Before you initiate the negotiation, you should use SSL_set_verify() to set the verification mode and optionally a verification callback. Handle any additional application-specific validation you need in the callback.

Then, if SSL_write() and/or SSL_read() return successfully, you know that the certificate has been validated.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

When using OpenSSL with non blocking sockets its convenient to use the transparent negotiation

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply