wolfSSL Custom I/O: Handshaking

Last week we talked about wolfSSL’s custom I/O handling and how to set it up. The following discussion assumes the I/O callbacks read from and write into application buffers rather than calling send() or recv(), so the application, not wolfSSL, is responsible for moving bytes across the network.

A tricky situation is the handshake. When the application calls wolfSSL_connect(), the client produces its first handshake message (the ClientHello) and then tries to receive the server's response. So the send callback is called first, then the receive callback, which has nothing to hand back and returns WOLFSSL_CBIO_ERR_WANT_READ; wolfSSL_connect() then fails with wolfSSL_get_error() reporting WOLFSSL_ERROR_WANT_READ. At that point the application must actually transmit the buffered ClientHello to the server and wait for the response before calling wolfSSL_connect() again.

The server receives first and sends in reaction. Inside wolfSSL_accept(), its receive callback is called (the application must already have placed the ClientHello in the receive buffer), then its send callback as the server's flight is produced, then the receive callback again, which returns WANT_READ because the client's next message has not arrived. The application now has to transmit the buffered server flight to the client.

Both sides receive and send in reaction to each other until the handshake completes. While it has not, calls to wolfSSL_read() and wolfSSL_write() internally call wolfSSL_negotiate(), which drives the handshake forward. If things are set up right, a call to wolfSSL_read() may return WANT_READ while the cipher-send buffer holds data that still has to be delivered to the peer; the application must flush that buffer before waiting for more input, otherwise both sides wait on each other and the connection deadlocks.
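The exchange above, written out as an added example (not code from the original post or from the wolfSSL project): buffer-backed receive and send callbacks in wolfSSL's callback signature, a pump() that plays the role of the application moving each flight to the peer, and a loop that drives wolfSSL_connect() and wolfSSL_accept() in the same process until both report success. The USE_WOLFSSL macro, the IOBUF_SZ size, and the IOCtx/IOBuf names are this example's own assumptions; with USE_WOLFSSL undefined the wolfSSL types are stubbed (the WOLFSSL_CBIO_ERR_* values mirror wolfio.h) so the buffer layer compiles and can be exercised on its own. Certificate and key loading is left to the caller.

```c
/* Added example: in-memory I/O callbacks and a handshake pump for wolfSSL.
 * Build with -DUSE_WOLFSSL and link libwolfssl to run the real handshake;
 * without it the wolfSSL types are stubbed so the buffer layer alone compiles. */
#include <string.h>

#ifdef USE_WOLFSSL
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>
#else
typedef struct WOLFSSL WOLFSSL;           /* stub: opaque, never dereferenced here */
#define WOLFSSL_CBIO_ERR_WANT_READ  (-2)  /* same values wolfSSL defines in wolfio.h */
#define WOLFSSL_CBIO_ERR_WANT_WRITE (-2)
#endif

#define IOBUF_SZ 8192   /* assumed buffer size for this example */

typedef struct { unsigned char data[IOBUF_SZ]; int len; } IOBuf;

/* Per-connection context handed to the callbacks via wolfSSL_SetIOReadCtx/WriteCtx */
typedef struct {
    IOBuf in;   /* ciphertext from the peer, waiting for wolfSSL to consume */
    IOBuf out;  /* ciphertext wolfSSL produced, waiting for the app to transmit */
} IOCtx;

/* Receive callback: an empty inbox returns WANT_READ, which surfaces to the caller
 * of wolfSSL_connect/accept/read as WOLFSSL_ERROR_WANT_READ. Partial reads are fine. */
int mem_recv(WOLFSSL *ssl, char *buf, int sz, void *ctx)
{
    IOCtx *io = (IOCtx *)ctx;
    int n;
    (void)ssl;
    if (io->in.len == 0)
        return WOLFSSL_CBIO_ERR_WANT_READ;
    n = sz < io->in.len ? sz : io->in.len;
    memcpy(buf, io->in.data, (size_t)n);
    memmove(io->in.data, io->in.data + n, (size_t)(io->in.len - n));  /* consume */
    io->in.len -= n;
    return n;
}

/* Send callback: append to the outbox; a full outbox asks wolfSSL to retry later */
int mem_send(WOLFSSL *ssl, char *buf, int sz, void *ctx)
{
    IOCtx *io = (IOCtx *)ctx;
    (void)ssl;
    if (io->out.len + sz > IOBUF_SZ)
        return WOLFSSL_CBIO_ERR_WANT_WRITE;
    memcpy(io->out.data + io->out.len, buf, (size_t)sz);
    io->out.len += sz;
    return sz;
}

/* The application's "network": deliver one side's outbox into the other's inbox.
 * Returns bytes moved; 0 means nothing was pending (or the inbox lacks room). */
int pump(IOCtx *from, IOCtx *to)
{
    int n = from->out.len;
    if (n == 0 || to->in.len + n > IOBUF_SZ)
        return 0;
    memcpy(to->in.data + to->in.len, from->out.data, (size_t)n);
    to->in.len += n;
    from->out.len = 0;
    return n;
}

#ifdef USE_WOLFSSL
/* Install the callbacks on a CTX; certificate/key loading is left to the caller */
void attach_mem_io(WOLFSSL_CTX *ctx)
{
    wolfSSL_SetIORecv(ctx, mem_recv);
    wolfSSL_SetIOSend(ctx, mem_send);
}

/* One handshake step: 1 = done, 0 = needs I/O (WANT_READ/WANT_WRITE), -1 = failure */
static int step(WOLFSSL *ssl, int is_client)
{
    int ret = is_client ? wolfSSL_connect(ssl) : wolfSSL_accept(ssl);
    int err;
    if (ret == WOLFSSL_SUCCESS)
        return 1;
    err = wolfSSL_get_error(ssl, ret);
    return (err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE) ? 0 : -1;
}

/* Client and server in one process. Each step() fills that side's outbox and reports
 * WANT_READ; pump() is the application actually delivering the flight to the peer. */
int handshake_in_memory(WOLFSSL *client, WOLFSSL *server, IOCtx *cio, IOCtx *sio)
{
    int cdone = 0, sdone = 0, rounds = 0;
    wolfSSL_SetIOReadCtx(client, cio); wolfSSL_SetIOWriteCtx(client, cio);
    wolfSSL_SetIOReadCtx(server, sio); wolfSSL_SetIOWriteCtx(server, sio);
    while (!(cdone && sdone) && rounds++ < 32) {
        if (!cdone && (cdone = step(client, 1)) < 0) return -1;
        pump(cio, sio);                    /* client flight -> server */
        if (!sdone && (sdone = step(server, 0)) < 0) return -1;
        pump(sio, cio);                    /* server flight -> client */
    }
    return (cdone && sdone) ? 0 : -1;
}
#endif
```

The rounds cap is there so a peer that never makes progress (for example, because the application forgot to pump) fails instead of spinning forever; that is the deadlock the text warns about, made visible. Note that the callbacks only ever see the buffers: after handshake_in_memory() returns, the same pump() discipline applies to every wolfSSL_read() and wolfSSL_write().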