On Mon, Mar 22, 2010 at 04:23:53PM -0700, Claus Assmann wrote:
> It should probably be
>
> ssl_errno = SSL_get_error(ssl, rc);
>
> but even then I get SSL_ERROR_SYSCALL and errno=EBADF using sendmail
> 8, while previously it didn't complain about errors.
For what it's worth, Postfix calls SSL_shutdown via a biopair state
machine that handles SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE.
/* The TLS layer to network interface is realized with a BIO pair:
/*
/* Postfix SMTP layer | TLS layer
/* |
/* smtp/smtpd |
/* /\ || |
/* || \/ |
/* vstream read/write <===> TLS read/write/etc
/* | /\ ||
/* | || \/
/* | BIO pair (internal_bio)
/* | BIO pair (network_bio)
/* Postfix socket layer | /\ ||
/* | || \/
/* socket read/write <===> BIO read/write
/* /\ || |
/* || \/ |
/* network |
This state machine is used for handshake, read and write I/O, so if/when
SSL_shutdown returns SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, the
appropriate I/O ops are issued and the call is retried.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
