On Jun 28 2016, Cory Benfield <[email protected]>
wrote:
>> On 28 Jun 2016, at 17:50, Nikolaus Rath
>> <[email protected]> wrote:
>>
>> Hum. When using BIOs, does this mean that I can safely refill/read-out
>> the BIO when getting SSLWantRead/SSLWantRead and then call the SSL
>> function again, or do I need to keep track of the detailed io state
>> again?
>>
>> Best,
>> -Nikolaus
>
> If you get SSLWantRead it’s a signal that you’re waiting for more data
> from the socket: you shouldn’t expect to see SSLWantWrite in regular
> use with a BIO.
What happens if the data that OpenSSL wants to send doesn't fit in the
provided BIO? Shouldn't that raise SSLWantWrite?
> You shove application data in: if you get no error,
> you write out as much as you can from the BIO.
...but that may not be enough.
> If you get WantRead, you make sure you go back to the socket because
> you need some data from it.
That's the behavior that I would expect, yes. It is also what I would
expect to be the right method when using ssl (or PyOpenSSL) with
non-blocking sockets. But in the latter cases is actually insufficient,
so I've grown cautious.
Best,
-Nikolaus
--
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F
»Time flies like an arrow, fruit flies like a Banana.«
_______________________________________________
Cryptography-dev mailing list
[email protected]
https://mail.python.org/mailman/listinfo/cryptography-dev
