On Mon, Mar 22, 2010 at 04:23:53PM -0700, Claus Assmann wrote: > It should probably be > > ssl_errno = SSL_get_error(ssl, rc); > > but even then I get SSL_ERROR_SYSCALL and errno=EBADF using sendmail > 8, while previously it didn't complain about errors.
For what it's worth, Postfix calls SSL_shutdown via a biopair state machine that handles SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE. /* The TLS layer to network interface is realized with a BIO pair: /* /* Postfix SMTP layer | TLS layer /* | /* smtp/smtpd | /* /\ || | /* || \/ | /* vstream read/write <===> TLS read/write/etc /* | /\ || /* | || \/ /* | BIO pair (internal_bio) /* | BIO pair (network_bio) /* Postfix socket layer | /\ || /* | || \/ /* socket read/write <===> BIO read/write /* /\ || | /* || \/ | /* network | This state machine is used for handshake, read and write I/O, so if/when SSL_shutdown returns SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, the appropriate I/O ops are issued and the call is retried. -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org