On Tue, Jun 18, 2002 at 11:18:31PM -0500, Samuel Meder wrote:
> Now that openssl sends an empty record as part of the known IV attack
> fix, I noticed that SSL_read returns -1 if the only record available is
> one without a body (our setup uses mem BIOs). Is this behavior
> desirable? It seems to me that returning 0 would make more sense. Also,
> if this is the way things should be, is the right way to check that
> everything is ok when receiving a -1 to call BIO_should_retry on the
> read bio?

SSL_read returning 0 would mean: connection closed.
This is however not true. You want to read data, but it is not yet
available, so you must retry. The retry condition is a return value
of -1 and SSL_get_error() returning SSL_ERROR_WANT_READ.
I have not yet checked out the situation. Does this also appear with
non-blocking sockets? In this case we must update the documentation!!!

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
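
The return-value convention discussed in this message, as an added example that is not part of the original mail and is not OpenSSL code: a simplified, unencrypted record reader over a memory buffer in which a zero-length application-data record with nothing after it yields -1 plus a want-read status, and only a close_notify alert yields 0. The names model_read, mem_in and the MODEL_* codes are hypothetical, and the sample byte streams are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not OpenSSL code: unencrypted records laid out as
 * type(1) | version(2) | length(2) | body, read from a memory buffer. */
enum { REC_ALERT = 21, REC_APPDATA = 23 };
enum model_err { MODEL_NONE, MODEL_WANT_READ, MODEL_ZERO_RETURN, MODEL_FATAL };
struct mem_in { const unsigned char *p; size_t len, off; enum model_err err; };

/* Constructed sample streams (version bytes 3,1 = TLS 1.0). */
const unsigned char ONLY_EMPTY[] = { 23, 3, 1, 0, 0 };
const unsigned char EMPTY_THEN_DATA[] = { 23, 3, 1, 0, 0, 23, 3, 1, 0, 2, 'h', 'i' };
const unsigned char CLOSE_NOTIFY[] = { 21, 3, 1, 0, 2, 1, 0 };

/* >0: body bytes copied; 0: peer sent close_notify; -1: inspect in->err. */
int model_read(struct mem_in *in, unsigned char *out, size_t outlen)
{
    for (;;) {
        size_t avail = in->len - in->off;
        const unsigned char *h = in->p + in->off;
        size_t blen;

        if (avail < 5) { in->err = MODEL_WANT_READ; return -1; }
        blen = ((size_t)h[3] << 8) | h[4];
        if (avail - 5 < blen) { in->err = MODEL_WANT_READ; return -1; } /* partial record */
        in->off += 5 + blen;
        if (h[0] == REC_ALERT && blen == 2 && h[6] == 0) {
            in->err = MODEL_ZERO_RETURN;
            return 0;                       /* only a real close yields 0 */
        }
        if (h[0] != REC_APPDATA || blen > outlen) { in->err = MODEL_FATAL; return -1; }
        if (blen == 0)
            continue;   /* empty record: no data, but not a close; keep looking */
        memcpy(out, h + 5, blen);
        in->err = MODEL_NONE;
        return (int)blen;
    }
}

int main(void)
{
    unsigned char out[16];
    struct mem_in in = { EMPTY_THEN_DATA, sizeof EMPTY_THEN_DATA, 0, MODEL_NONE };
    int n = model_read(&in, out, sizeof out);
    printf("read %d bytes, err=%d\n", n, (int)in.err);
    return 0;
}
```

A caller written against this convention treats -1 with the want-read status as "feed more input and call again", and tears the connection down only on 0 or a fatal status.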
