>> Under closer examination, when openssl executes the ssl3_server_hello
>> portion
>> of the protocol, readsocket (line 191) returns with -1 and outl > 0 with
no
>> bytes read within variable out. While executing line 200, openssl
discovers
>> that the error is WSAEWOULDBLOCK (10035), and sets the appropriate flags
for
>> retrying the socket. Instead of immediately retrying the socket, each
>> function
>> called in the stack within openssl, passes -1 to the function calling it
all
>> the way up to SSL_write. If recv waited a few milliseconds more, the data
>> would
>> be available.
>>
>> After receiving a -1 from SSL_write, if someone tries calling it again,
the
>> same error occurs. By calling it again, the whole process is started
rather
>> than retrying to receive the last message.
>
> How is 'calling again' different from 'retrying'? After SSL_write has
> returned, SSL_get_error should report SSL_ERROR_WANT_READ in this
> case, meaning that the SSL_write call should be repeated as soon as
> data is available for reading at the underlying socket. Why the
> socket reports WSAEWOULDBLOCK in the first place when it is supposed
> to be blocking is a question that only your OS manufacturer can
> answer, I'm afraid.
I should have said,
"...if someone tries calling SSL_write() again, the same error occurs. By
calling SSL_write() again, the whole process is started over again
rather
than simply retrying the socket within sock_read() to receive the last
message (which is what the code addition does)".
In other words, calling SSL_write() again does not just retry the socket; it
starts over with the handshaking (server hello, client hello, etc). It kind
of
has the effect of "resetting things". The code addition is a way to retry
the
socket without having to go through all the handshaking again.
We do not consider our code addition a permanent solution--just a temporary
fix
to get our software working again. This problem is still under
investigation.
Paul Kudlawiec
Software Engineer
Transnexus, Inc.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
