[gnutls-help] Truly non-blocking example of gnutls usage

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Apr 8 19:44:23 CEST 2016


On Fri, 2016-04-08 at 17:16 +0100, Alex Bligh wrote:
> Nikos,
> 
> Thanks for your reply.
> 
> On 8 Apr 2016, at 14:35, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> 
> > On Fri, Apr 8, 2016 at 10:36 AM, Alex Bligh <alex at alex.org.uk> wrote:
> > > Is there a simple, easy to reuse, example of gnu-tls acting like a
> > > proxy which is truly non-blocking? By truly non-blocking I mean using
> > > non-blocking writes as well as non-blocking reads. The danger I
> > > am concerned about is receiving a large amount of plain-text,
> > > gnutls converting that to cypher-text, attempting to write it
> > > but blocking because the remote side is not ready to receive it.
> > > The remote side is not ready to receive it because it has its
> > > own output blocked as gnutls is not polling for reads as
> > > it's blocked above, meaning deadlock.
> > 
> > Blocking is a matter of the underlying socket functions.
> 
> Perhaps I should have used the word 'asynchronous'
> 
> > If you set
> > the sockets to non blocking mode gnutls operates in a non-blocking way
> > almost identically to berkeley sockets. Have you checked the manual?
> > https://www.gnutls.org/manual/html_node/Asynchronous-operation.html
> 
> I had done, but it was not fantastically helpful.
> 
> The manual says "GnuTLS does not keep a write buffer, thus when writing
> no additional actions are required." which I took to mean it was writing
> synchronously (but reading async).

That sentence is indeed confusing. I've removed it.

> 
> > The simplest example is mini-eagain.c from the test suite which
> > verifies the asynchronous operation of gnutls_record_send and recv.
> Thanks - that was helpful. But it doesn't do a select loop
> as far as I can tell.

No. A select loop will be complex and I don't know if one could have a
reasonable example. If you have one consider contributing it.

To see a real world example check ocserv's main loop:
https://gitlab.com/ocserv/ocserv/blob/master/src/worker-vpn.c#L1892

It uses both TLS and DTLS sockets in async mode (with poll, there is no
reason to use select() as it has terrible semantics).

regards,
Nikos
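
The loop shape this thread asks about, as an added example that is not from the mailing list, GnuTLS or ocserv: a poll()-driven relay that uses non-blocking writes as well as reads, so a peer that is not reading cannot stall the other direction. It uses plain descriptors, relying on the statement above that GnuTLS in non-blocking mode behaves almost identically to Berkeley sockets; the names `pump`, `pump_init`, `pump_interest`, `pump_service` and `relay_once` are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <string.h>
#include <unistd.h>

/* One direction of a relay between two non-blocking descriptors. On the TLS side
 * of a GnuTLS proxy, read()/write() map to gnutls_record_recv()/gnutls_record_send()
 * and EAGAIN to GNUTLS_E_AGAIN. */
struct pump { int in, out; char buf[4096]; size_t len; int eof; };
#define SOFT(e) ((e) == EAGAIN || (e) == EWOULDBLOCK || (e) == EINTR)

int pump_init(struct pump *p, int in, int out) {
    p->in = in; p->out = out; p->len = 0; p->eof = 0;
    return (fcntl(in, F_SETFL, fcntl(in, F_GETFL) | O_NONBLOCK) < 0 ||
            fcntl(out, F_SETFL, fcntl(out, F_GETFL) | O_NONBLOCK) < 0) ? -1 : 0;
}

/* Backpressure: stop reading while output is queued, and ask for POLLOUT only then. */
void pump_interest(const struct pump *p, struct pollfd *pin, struct pollfd *pout) {
    pin->fd = p->in;   pin->events = (p->len == 0 && !p->eof) ? POLLIN : 0;
    pout->fd = p->out; pout->events = p->len > 0 ? POLLOUT : 0;
}

/* Never blocks: a peer that is not reading leaves data queued in buf (retried
 * unchanged later) instead of stalling the whole loop. */
int pump_service(struct pump *p, short rin) {
    if (p->len == 0 && !p->eof && (rin & (POLLIN | POLLHUP))) {
        ssize_t n = read(p->in, p->buf, sizeof p->buf);
        if (n > 0) p->len = (size_t)n;
        else if (n == 0) p->eof = 1;
        else if (!SOFT(errno)) return -1;
    }
    if (p->len > 0) {   /* safe to attempt: the descriptor is non-blocking */
        ssize_t n = write(p->out, p->buf, p->len);
        if (n > 0) { p->len -= (size_t)n; memmove(p->buf, p->buf + n, p->len); }
        else if (n < 0 && !SOFT(errno)) return -1;
    }
    return 0;
}

/* One poll() iteration over both directions of the proxy. */
int relay_once(struct pump *a, struct pump *b, int timeout_ms) {
    struct pollfd pfd[4];
    pump_interest(a, &pfd[0], &pfd[1]);
    pump_interest(b, &pfd[2], &pfd[3]);
    if (poll(pfd, 4, timeout_ms) < 0) return errno == EINTR ? 0 : -1;
    if (pump_service(a, pfd[0].revents) < 0) return -1;
    return pump_service(b, pfd[2].revents);
}
```

With a real GnuTLS session, a send that returned GNUTLS_E_AGAIN has to be retried with the same parameters, and gnutls_record_check_pending() should be consulted before sleeping in poll(), because decrypted data may already be buffered inside the session.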



