> You have to include that BIO_write(bio_io, ...) in this loop!

        Why? I have no data to write. If I had data to write, I would have already
written it before I entered the loop. If I get more data to write later,
I'll enter the loop again.

> Either check if data is available from the network and then call
> BIO_write() (but don't try to write more than
> BIO_get_write_guarantee(bio_io) bytes because that's all the buffer
> can take),

        Is it harmful to try to write more than the buffer can take? Won't it just
fail to take it?

> or use BIO_get_read_request(bio_io) to find out if the SSL
> library actually wants data and look for the appropriate number of
> network bytes only when this is the case.  Of course you should set
> 'done' to 'false' whenever you moved some bytes this way.
>
> The call to BIO_read(ssl_bio, ...) will trigger any pending
> handshake actions, i.e. if your BIO_write() fed new handshake
> data to the SSL library, then BIO_read(ssl_bio) will process them
> and either request more data or send back its own handshake
> messages, which then will be picked up by your next call to
> BIO_read(bio_io, ...).
>
> Note that while usually there's just one handshake at the
> beginning, the peer always can request a new handshake!
> Thus, even later on in the protocol, your call to BIO_read(bio_ssl)
> may try to write data to the network.  (For this reason, your
> code variation with the 'init_complete' flag has the
> same problem as your original code.)

        So? I call BIO_read in both directions after every BIO_write, so if a
write ever triggered new outbound data, it would get sent regardless.

> If you include BIO_write(bio_io, ...), then the deadlock should go
> away.  Of course there will still be conditions when the SSL library
> needs network data to continue, but that data has not yet arrived.

        I have nothing to write at that point. I don't call that loop unless I've
written everything I have to write (or as much as the SSL code will take).

        Perhaps the problem has more to do with how I'm handling cases where the
SSL library won't take all the outbound data I've got ready for it at any
particular time. I'll do some more testing.

        DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
