1 (edited by carlo 2020-06-22 18:36:37)

Topic: When to call wolfSSL_set_using_nonblock()?

The documentation at https://www.wolfssl.com/doxygen/group__ … 5417fc8f3a
says:

After an application creates a WOLFSSL object, if it will be used with a non-blocking socket, call wolfSSL_set_using_nonblock() on it.

However, in the source code I found:

/* Nonblocking DTLS helper functions */
WOLFSSL_API void wolfSSL_dtls_set_using_nonblock(WOLFSSL*, int);
WOLFSSL_API int  wolfSSL_dtls_get_using_nonblock(WOLFSSL*);
#define wolfSSL_set_using_nonblock wolfSSL_dtls_set_using_nonblock
#define wolfSSL_get_using_nonblock wolfSSL_dtls_get_using_nonblock
    /* The old names are deprecated. */

In other words, `wolfSSL_set_using_nonblock()` doesn't even really exist.
It seems from this that one should call `wolfSSL_dtls_set_using_nonblock()`
when using DTLS, and not when using -say- a non-blocking TCP socket.

Documentation wrong again?

Share

Re: When to call wolfSSL_set_using_nonblock()?

Hi Carlo,

The non-blocking mode is on by default for TLS. You can just configure your socket as non-blocking and you'll be good. The read/write IO callback return "want write" or "want read" to indicate would block. The old `wolfSSL_set_using_nonblock` function maps to `wolfSSL_dtls_set_using_nonblock`, which only applies to the DTLS case.

You can find some TLS and DTLS examples in our wolfssl-examples repo. There is a TLS non-blocking example here:
https://github.com/wolfSSL/wolfssl-exam … blocking.c

Thanks,
David Garske, wolfSSL

Share

3 (edited by carlo 2020-06-24 08:48:19)

Re: When to call wolfSSL_set_using_nonblock()?

Hi dgarske, thank you for your reply!

You confirm what I suspected; that it is not needed to call `wolfSSL_set_using_nonblock`.
Both, documentation and examples are really lagging behind - I run constantly into incorrect
things in both hmm.

Note that the example that you link to DOES call  `wolfSSL_set_using_nonblock`,
unnecessary (it does nothing, at best), but slightly confusing that you link to it in this context
therefore...

https://github.com/wolfSSL/wolfssl-exam … ing.c#L134

Share

Re: When to call wolfSSL_set_using_nonblock()?

You don't use wolfSSL_set_using_nonblock() with TLS sessions. It is only used in DTLS sessions. I originally named the function without the "dtls" part, and it confused some people. "Well, I set non-block and it didn't work." wolfSSL is agnostic to the behavior of the underlying TCP/IP stack, or lack of one, and how it behaves. The only exception is DTLS with non-blocking sockets. In POSIX TCP/IP stacks, the stack returns the same error code for "this socket will block" as the condition "the timeout on this socket expired".

Really, the DTLS usage in our example server and client should have a custom application level structure containing the peer's address, the socket fd, and the non-blocking setting, and that should get passed into the I/O callback function.