On Tue, Oct 6, 2015 at 5:44 PM, Joe Orton <jor...@redhat.com> wrote:
>
> Hence in the server case, it seems reasonable to rely on BIO_flush()
> being called at the "right" times during the handshake. Modulo the odd
> bug!
>
> But ssl/s3_clnt.c is not following that coding style at all, and it only
> does a flush after completing the handshake. So I'd say the right thing
> here is to FLUSH after every packet which comes through the write BIO
> when the SSL state machine is in the middle of a "connect", i.e.
> handshake as client.
>
> tl;dr: I think Yann's patch should be right if the test is switched from
> "always flush if !SSL_is_init_finished(ssl)" to "always flush if
> SSL_in_connect_init(ssl)"???

Yes, I came to the same conclusion, but decided to use SSL_is_init_finished(ssl) anyway because for the server case it seems that OpenSSL uses its own buffering mechanism to avoid writing small chunks (after the client-hello is received), so possibly we could rely on it (this also simplifies the logic).