5.11 Secure Socket Multiplexing
If your application tries to read from a secure socket whose buffers are empty, or tries to write to a secure socket whose buffers are full, the secure socket usually blocks or pauses the application until it can complete the operation. This is a problem if your application uses more than one socket at a time.
For example, an application could create two secure sockets, s1 and s2, that display any data that arrives on a secure socket. Initially, data is not available on either socket. If the application reads from s1, execution blocks until data is available on that secure socket. In the meantime, data could arrive on s2, but the program would never receive it because the program is waiting for s1.
The solution is to block on both secure sockets simultaneously. The following sections explain how.
The implementation of RWSecureSocketSession operates on the TCP socket underlying the secure connection, and it uses the select() system call. Because the SSL/TLS protocols are record oriented, a “can read” attribute can be true on a secure socket while the read itself still blocks, waiting for the rest of the SSL record to be transmitted. See SSL and TLS - Designing and Building Secure Systems, by Eric Rescorla, referenced in Appendix B.
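The record-boundary caveat above can be reproduced with plain POSIX sockets standing in for the TCP socket under a secure socket. This is an added example, not SourcePro code; the helper names and the 13-byte record are constructed for illustration. select() reports the descriptor readable once part of a TLS record has arrived, while a peek at the buffered bytes shows the record is still incomplete.

```cpp
// Added example: POSIX sockets stand in for the TCP socket under a secure socket.
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>
#include <cstddef>
#include <cstdint>

// TLS record = 5-byte header (type, version x2, big-endian length x2) + payload.
const std::size_t kHeaderLen = 5;

// Bytes still missing before one whole record is buffered; 0 means complete.
std::size_t recordBytesMissing(const std::uint8_t* buf, std::size_t n) {
    if (n < kHeaderLen) return kHeaderLen - n;  // header itself is incomplete
    std::size_t total = kHeaderLen + ((std::size_t(buf[3]) << 8) | buf[4]);
    return n >= total ? 0 : total - n;
}

// True if select() reports fd readable within timeoutSec seconds.
bool tcpReadable(int fd, int timeoutSec) {
    fd_set rd;
    FD_ZERO(&rd);
    FD_SET(fd, &rd);
    timeval tv = {timeoutSec, 0};
    return select(fd + 1, &rd, nullptr, nullptr, &tv) > 0;
}

// Peeks at buffered bytes without consuming them and reports what is missing.
std::size_t pendingBytesMissing(int fd) {
    static std::uint8_t buf[kHeaderLen + 16384 + 2048];  // largest TLS 1.2 ciphertext record
    ssize_t n = recv(fd, buf, sizeof buf, MSG_PEEK | MSG_DONTWAIT);
    return recordBytesMissing(buf, n > 0 ? std::size_t(n) : 0);
}

struct Demo { bool readable; std::size_t missingPartial; std::size_t missingFull; };

// Constructed input: application-data record (0x17), TLS 1.2, 8-byte payload.
Demo runDemo() {
    const std::uint8_t rec[13] = {0x17, 0x03, 0x03, 0x00, 0x08, 1, 2, 3, 4, 5, 6, 7, 8};
    Demo d = {false, 0, 0};
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return d;
    if (write(sv[1], rec, 9) != 9) return d;        // header + 4 of 8 payload bytes
    d.readable = tcpReadable(sv[0], 1);             // "can read" is already true
    d.missingPartial = pendingBytesMissing(sv[0]);  // yet 4 bytes are outstanding
    if (write(sv[1], rec + 9, 4) != 4) return d;    // rest of the record arrives
    d.missingFull = pendingBytesMissing(sv[0]);     // now a read would not block
    close(sv[0]); close(sv[1]);
    return d;
}
```

A loop that services several connections on one thread should therefore not assume that a readable secure socket yields a full record at once.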
5.11.1 Working with Secure Socket Attributes
Secure socket attributes indicate conditions on the socket. For example, the sock_attr_canread attribute indicates that a secure socket is ready for reading. When an attribute is true, it means that the corresponding operation on the secure socket can be executed without blocking. For more information about attributes, see class RWSecureSocketAttribute.
5.11.2 Using RWSecureSocketAttribute
In the Secure Sockets package, a secure socket attribute is represented by an instance of the RWSecureSocketAttribute class. A secure socket attribute has two parts: a secure socket and an attribute, where the attribute is a combination of any of the following:
RWSecureSocketAttribute::CANREAD
Data is available for reading.
RWSecureSocketAttribute::CANWRITE
Data can be written on the secure socket.
RWSecureSocketAttribute::EXCEPTION
An exceptional condition, such as the arrival of out-of-band data, has occurred.
RWSecureSocketAttribute::ISCONNECTED
The secure socket is connected.
RWSecureSocketAttribute::ISCLOSED
The secure socket is closed.
RWSecureSocketAttribute::CANACCEPT
A connection has arrived on this secure socket and can be received by calling RWSecureSocket::accept().
Applications can set multiple attributes by bitwise ORing them together.
5.11.3 Using rwSecureSocketSelect
You can use the global function rwSecureSocketSelect() to test attributes and wait for them to become true. Example 9 shows how to wait on two secure sockets at the same time.
Example 9 – Using the global function rwSecureSocketSelect
// Establish two connected secure sockets, s1 and s2

RWTValOrderedVector<RWSecureSocketAttribute> waiton;     //1
waiton.append(RWSecureSocketAttribute(
    s1, RWSecureSocketAttribute::CANREAD));              //2
waiton.append(RWSecureSocketAttribute(
    s2, RWSecureSocketAttribute::CANREAD));
RWTValOrderedVector<RWSecureSocketAttribute> ready =
    rwSecureSocketSelect(waiton);                        //3

// Do something with the secure sockets that are ready
//1 Builds a vector of secure socket attributes to wait for. An ordered vector class from the Essential Tools Module represents the list of attributes.
//2 Adds the conditions to the list. In this case, the application is waiting for either s1 or s2 to be ready for reading.
//3 Waits for at least one condition to be true. The conditions are passed in as an RWTValOrderedVector<RWSecureSocketAttribute>, a vector of secure socket attributes. If one of the conditions in waiton is already true, rwSecureSocketSelect() returns immediately. You can pass an optional second argument to set a timeout in seconds. The function returns a list of conditions that are true.
The SourcePro C++ API Reference Guide describes rwSecureSocketSelect() on the Secure Sockets page, accessible from the Modules tab.