On Tue, Jul 06, 1999 at 11:16:50AM +0200, Juan Pablo Rojas Jimenez wrote:
> Could anyone tell me what's the exact meaning of the possible errors
> returned in a SSL_read/write call.
Note that those errors are not returned by
SSL_{accept,connect,read,write}, but are returned by
SSL_get_error(ssl, r) where r is the return value of one of those.
> SSL_ERROR_NONE
That one is easy, I guess :-)
> SSL_ERROR_WANT_WRITE
> SSL_ERROR_WANT_READ
These can happen only with non-blocking I/O (or with BIO pairs, which
will be available in OpenSSL 0.9.4). It means that the program has to
retry the SSL_... call; progress is guaranteed for the next call if
writing or reading, respectively, is possible on the underlying I/O
device by then (for sockets, typically select() or poll() will be
used to determine when time is ready for retry).
It is important to keep in mind that all those SSL_... calls may
*both* read and write: E.g. you can observe SSL_ERROR_WANT_WRITE after
a SSL_read. (Because of this, it is a little tricky to handle
bidirectional SSL I/O correctly without introducing busy waiting -- if
you call both SSL_write and SSL_read for the same connection, you do
not know if a SSL_ERROR_WANT_... from the first call is still valid
after the second one; querying BIO_number_read and BIO_number_written
helps here because it makes it possible to find out whether something
happened on the network connection or not).
> SSL_ERROR_WANT_X509_LOOKUP
This can happen only for clients that have client_cert_cb set:
the callback may not be able to return a certificate immediately.
If you don't use SSL_CTX_set_client_cert_cb, you won't see this one.
> SSL_ERROR_ZERO_RETURN
The connection was closed (cleanly).
> SSL_ERROR_SYSCALL
Some error occured at I/O level. If the OpenSSL error stack is empty,
look at the return value of the SSL_... call: 0 means an EOF was
observed there (but it was not expected by the protocol -- otherwise
you'd see SSL_ERROR_ZERO_RETURN). If it is -1, look at errno
(or its equivalent on non-UNIX, non-POSIX systems).
> SSL_ERROR_SSL
Some protocol error happened, and the OpenSSL error stack knows more
about it (call, e.g., ERR_get_error again and again until it returns
0; ERR_error_string translates those numerical values into readable
strings).
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
