Now that openssl sends a empty record as part of the known IV attack fix, I noticed that SSL_read returns -1 if the only record available is one without a body (our setup uses mem BIOs). Is this behavior desirable? It seems to me that returning 0 would make more sense. Also, if this is the way things should be, is the right way to check that everything is ok when receiving a -1 to call BIO_should_retry on the read bio?
/Sam ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]