
SSL_connect/read from "empty" BIO

I have a problem making the link between the underlying socket (in this case, a (lib)ssh2 tunnel channel) and the BIO in order to make a handshake.

The reason for all the trouble is: the server I wish to handshake with is not an SSL encrypted server initially, and has to be told to turn on SSL before SSL_connect()'ing/handshaking. Specifically it's an FTP server with SSL extension.

I'm providing my code (with help from caf) below.

First a tunnel channel is set up, on which the initial request for SSL encryption is sent ("AUTH SSL" in plaintext). The difficulties arise when I try to negotiate the handshake because, as I see it, there is no data to do handshaking upon.

Code: http://pastebin.com/TG8RMyWx

Somehow it would seem I need to carry the data between channel and BIO "during" the handshake, but I fail to see how?

I've been able to set up an SSL connection to an external SSH tunnel (simply ran OpenSSH's ssh -f user@host -L 21:remote_host:21 -N) with just one BIO (as socket to the localhost), so I'm guessing my troubles are in the carrying as stated in the previous paragraph.

Any hints are greatly appreciated, thanks!

  • James


Two things I can see now:

  • Your BIOs aren't initialised properly. Use BIO_new_bio_pair(&rbio, 0, &wbio, 0); instead of your BIO_make_bio_pair() call;

  • Once you've fixed that, then SSL_connect() will return SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE - you then will need to put it into a loop, like the SSL_read().
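The handshake loop described in the answer, as an added example that is not code from the question or the answer. It uses Python's ssl module (ssl.MemoryBIO and SSLObject, which sit on OpenSSL memory BIOs) rather than the C BIO pair; `channel_send` and `channel_recv` are hypothetical callbacks standing in for the libssh2 channel write and read calls, and the host name and stand-in channel are constructed.

```python
import ssl

def new_client(server_hostname):
    """TLS client bound to two in-memory BIOs instead of a socket."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    return tls, incoming, outgoing

def drive_handshake(tls, incoming, outgoing, channel_send, channel_recv,
                    max_rounds=32):
    """Handshake by hand-carrying records between the BIOs and the tunnel.

    channel_send/channel_recv are hypothetical callbacks standing in for
    the libssh2 channel write/read calls. Call this only after the
    plaintext "AUTH SSL" exchange has finished on the same channel.
    """
    for _ in range(max_rounds):
        need_read = False
        try:
            tls.do_handshake()
            finished = True
        except ssl.SSLWantReadError:       # SSL_ERROR_WANT_READ in OpenSSL
            finished, need_read = False, True
        except ssl.SSLWantWriteError:      # SSL_ERROR_WANT_WRITE in OpenSSL
            finished = False
        # TLS only queued its records in memory; put them on the wire.
        if outgoing.pending:
            channel_send(outgoing.read())
        if finished:
            return tls.version()
        if need_read:
            data = channel_recv()
            if not data:
                raise ConnectionError("channel closed during TLS handshake")
            incoming.write(data)           # feed the peer's records to TLS
    raise TimeoutError("handshake did not complete")

if __name__ == "__main__":
    # Constructed stand-in channel: records what is sent, then reports EOF.
    tls, incoming, outgoing = new_client("ftp.example.test")
    sent = []
    try:
        drive_handshake(tls, incoming, outgoing, sent.append, lambda: b"")
    except ConnectionError as exc:
        print(f"{len(sent[0])} byte ClientHello left the BIO, then: {exc}")
```

The first handshake call only queues the ClientHello in the outgoing BIO; nothing reaches the server until that BIO is drained onto the channel.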
