Once you come to terms with the complete lack of documentation*, OpenSSL actually has some nice API features to discover, like BIOs.

BIOs are an abstraction for I/O, and are used throughout OpenSSL to describe streams of data within processes. They’re pretty cool, because they:

  • Allow you to send TLS data over arbitrary channels. They also support non-blocking IO, so you can do your TLS handshake via carrier pigeon and OpenSSL won’t know the difference.
  • Can be chained together, so you can do transparent logging of data for debugging either side of the encryption.
  • Can operate with in-memory buffers (see BIO_new_pair), so you can simulate a loopback connection without messy file descriptors and the like.

* I highly recommend ‘the forgotten manual’ for this – Network Security with OpenSSL