I did find a very good explanation here:
https://mta.openssl.org/pipermail/openssl-users/2015-March/000709.html
The idea of "what SSL wants" and "what the app wants" is a very good
explanation. This is the pseudocode I'm working with currently:
io_callback(events) {
    if (messages_to_send && (events & OS_WRITABLE)) {
        SSL_write(.);
        if (error) {
            if (error_is_want_read) {
                system_poll &= OS_READABLE;
            } else if (error_is_want_write) {
                system_poll &= OS_WRITABLE;
            }
            update_os_poll(system_poll);
            return;
        } else {
            // emit send success to app
        }
    } else if (app_wants_data && (events & OS_READABLE)) {
        SSL_read(.);
        if (error) {
            if (error_is_want_read) {
                system_poll &= OS_READABLE;
            } else if (error_is_want_write) {
                system_poll &= OS_WRITABLE;
            }
            update_os_poll(system_poll);
            return;
        } else {
            // emit the data to app
        }
    }
}
This code is probably not 100% correct, but should show my design pretty
clearly. One needs to do what YOU want, combined with what SSL wants.
However, the question still remains: is it ALLOWED to perform SSL_read before
SSL_write, when a previous call to SSL_write failed with WANT_READ?
2016-09-15 7:01 GMT+02:00 Viktor Dukhovni :
> On Thu, Sep 15, 2016 at 05:07:22AM +0200, Alex Hultman wrote:
>
> > If SSL_write returns the error SSL_ERROR_WANT_READ, am I then allowed to
> > call SSL_read before I have called SSL_write?
>
> WANT_READ means that OpenSSL *internally* needs to read some (often
> ciphertext) bytes from the peer, and that since the socket is
> non-blocking or you're using BIO_pairs, ... the application must
> wait for data to arrive (poll(), select(), ...) and then retry
> the call once the socket becomes readable.
>
> It is not an invitation to read *application* layer data, which
> would typically also fail for lack of anything to read at that
> moment.
>
> * WANT_READ -- Select the socket for read, and retry
> the original function (handshake, read or write) once
> the socket is readable.
>
> * WANT_READ -- Select the socket for write, and retry
> the original function (handshake, read or write) once
> the socket becomes writable.
>
> Again, these are not a request for the application to *consume*
> data, rather the application needs to retry once the socket is
> ready for the requested operation. OpenSSL will internally
> read or write to the socket.
>
> --
> Viktor.
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
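Added example, not part of either message in this thread: the WANT_READ retry behaviour discussed above, reproduced with Python's ssl module over memory BIOs in place of the C API and a real socket. Conn, attempt and demo are hypothetical names and peer.example is a constructed host name; only the client side runs, so no peer bytes ever arrive.

```python
import ssl

OS_READABLE, OS_WRITABLE = 1, 2  # flag names taken from the pseudocode above


class Conn:
    """Hypothetical wrapper: one TLS client over memory BIOs, no real socket."""

    def __init__(self):
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        self.incoming, self.outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
        self.tls = ctx.wrap_bio(self.incoming, self.outgoing,
                                server_hostname="peer.example")  # constructed
        self.system_poll = 0   # what OpenSSL wants from the OS right now
        self.log = []          # (operation, outcome) in call order

    def attempt(self, name, op, arg):
        """Run one TLS call; on WANT_* record the poll interest for the retry."""
        try:
            result = op(arg)
        except ssl.SSLWantReadError:
            self.system_poll = OS_READABLE   # retry this same op once readable
            self.log.append((name, "WANT_READ"))
            return None
        except ssl.SSLWantWriteError:
            self.system_poll = OS_WRITABLE   # retry this same op once writable
            self.log.append((name, "WANT_WRITE"))
            return None
        self.system_poll = 0
        self.log.append((name, "ok"))
        return result


def demo():
    c = Conn()
    c.attempt("write", c.tls.write, b"app data")  # handshake not finished yet
    hello = len(c.outgoing.read())                # bytes OpenSSL queued itself
    c.attempt("read", c.tls.read, 4096)           # no peer bytes to decrypt
    c.attempt("write", c.tls.write, b"app data")  # retry with the same buffer
    return c.log, hello, c.system_poll, c.outgoing.pending


if __name__ == "__main__":
    print(demo())
```

The first write queues handshake bytes in the outgoing BIO by itself and then reports WANT_READ; the read in between also reports WANT_READ and returns no data, and the write retry stays pending until peer bytes are fed into the incoming BIO.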