Secure Socket Multiplexing
If your application tries to read from a secure socket whose buffers are empty, or tries to write to a secure socket whose buffers are full, the secure socket usually blocks or pauses the application until it can complete the operation. This is a problem if your application uses more than one socket at a time.
For example, an application could create two secure sockets, s1 and s2, and display any data that arrives on either of them. Initially, data is not available on either socket. If the application reads from s1, execution blocks until data is available on that secure socket. In the meantime, data could arrive on s2, but the program would never receive it because the program is waiting for s1.
The solution is to block on both secure sockets simultaneously. The following sections explain how.
NOTE >> The implementation of RWSecureSocketSession operates on the TCP socket underlying the secure connection. RWSecureSocketSession uses the select() system call. Since the SSL/TLS protocols are record oriented, it is possible to get into a situation where a “can read” attribute is true on a secure socket, but then the read may block to wait for the rest of the SSL record to be transmitted. See SSL and TLS - Designing and Building Secure Systems, by Eric Rescorla, referenced in Appendix B.
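The record-boundary caveat in the note above, as an added example that is not SourcePro code: an AF_UNIX socketpair stands in for the TCP connection, and a constructed 37-byte TLS record is delivered in two pieces, so select() reports the descriptor readable while only part of the record has arrived. The names classify, selectSaysReadable, drain and runDemo belong to this example only.

```cpp
// Added example, not SourcePro code; an AF_UNIX socketpair stands in for TCP.
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>
#include <cstdint>
#include <vector>

enum class RecordState { NoData, PartialRecord, CompleteRecord };
struct Demo { bool readableEarly; RecordState early, late; };

// Does buf hold one whole TLS record (5-byte header: type, version, length)?
RecordState classify(const std::vector<std::uint8_t>& buf) {
    if (buf.empty()) return RecordState::NoData;
    if (buf.size() < 5) return RecordState::PartialRecord;  // header incomplete
    unsigned bodyLen = (unsigned(buf[3]) << 8) | buf[4];    // big-endian length
    return buf.size() >= 5u + bodyLen ? RecordState::CompleteRecord
                                      : RecordState::PartialRecord;
}

bool selectSaysReadable(int fd) {  // zero timeout: poll, do not wait
    fd_set rd; FD_ZERO(&rd); FD_SET(fd, &rd);
    timeval tv = {0, 0};
    return select(fd + 1, &rd, nullptr, nullptr, &tv) == 1;
}

// Append whatever the transport holds right now, without blocking.
void drain(int fd, std::vector<std::uint8_t>& acc) {
    std::uint8_t chunk[512];
    for (ssize_t n; (n = recv(fd, chunk, sizeof chunk, MSG_DONTWAIT)) > 0;)
        acc.insert(acc.end(), chunk, chunk + n);
}

Demo runDemo() {
    Demo d = {false, RecordState::NoData, RecordState::NoData};
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return d;
    // Constructed record: type 23 (application data), version 3.3, 32-byte body.
    const std::uint8_t rec[5 + 32] = {23, 3, 3, 0, 32};
    std::vector<std::uint8_t> acc;
    if (send(sv[0], rec, 15, 0) == 15) {             // header + 10 body bytes
        d.readableEarly = selectSaysReadable(sv[1]); // select(): "can read"
        drain(sv[1], acc);
        d.early = classify(acc);                     // yet no full record
        if (send(sv[0], rec + 15, 22, 0) == 22) drain(sv[1], acc);  // the rest
        d.late = classify(acc);
    }
    close(sv[0]); close(sv[1]);
    return d;
}
```

A TLS read issued at the `early` point would have to wait for the remaining 22 bytes of the record, which is the blocking the note warns about.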
Working with Secure Socket Attributes
Secure socket attributes indicate conditions on the socket. For example, the sock_attr_canread attribute indicates that a secure socket is ready for reading. When an attribute is true, it means that the corresponding operation on the secure socket can be executed without blocking. For more information about attributes, see the typedef RWSecureSocketAttribute.
Using RWSecureSocketAttribute
In the Secure Sockets package, a secure socket attribute is represented by an instance of the RWSecureSocketAttribute class. A secure socket attribute has two parts: a secure socket and an attribute, where the attribute is a combination of any of the following:
RWSecureSocketAttribute::CANREAD | Data is available for reading. |
RWSecureSocketAttribute::CANWRITE | Data can be written on the secure socket. |
RWSecureSocketAttribute::EXCEPTION | An exceptional condition, such as the arrival of out-of-band data, has occurred. |
RWSecureSocketAttribute::ISCONNECTED | The secure socket is connected. |
RWSecureSocketAttribute::ISCLOSED | The secure socket is closed. |
RWSecureSocketAttribute::CANACCEPT | A connection has arrived on this secure socket and can be received by calling RWSecureSocket::accept(). |
Applications can set multiple attributes by bitwise ORing them together.
Using rwSecureSocketSelect
You can use the global function rwSecureSocketSelect() to test attributes and wait for them to become true.
Example 9 shows how to wait on two secure sockets at the same time.
Example 9 – Using the global function rwSecureSocketSelect
// Establish two connected secure sockets, s1 and s2

// Vector of (secure socket, attribute) pairs to wait on
RWTValOrderedVector<RWSecureSocketAttribute> waiton;

// Ask to be told when data can be read from s1 or from s2
waiton.append(RWSecureSocketAttribute(
    s1, RWSecureSocketAttribute::CANREAD));
waiton.append(RWSecureSocketAttribute(
    s2, RWSecureSocketAttribute::CANREAD));

// Wait on both secure sockets at once; the result identifies
// the secure sockets that are ready
RWTValOrderedVector<RWSecureSocketAttribute> ready =
    rwSecureSocketSelect(waiton);

// Do something with the secure sockets that are ready
NOTE >> The SourcePro API Reference Guide describes rwSecureSocketSelect() on the Secure Sockets page, accessible from the Modules tab.