On Tue, Jun 18, 2002 at 11:18:31PM -0500, Samuel Meder wrote:
> Now that openssl sends an empty record as part of the known IV attack
> fix, I noticed that SSL_read returns -1 if the only record available is
> one without a body (our setup uses mem BIOs). Is this behavior
> desirable? It seems to me that returning 0 would make more sense. Also,
> if this is the way things should be, is the right way to check that
> everything is ok when receiving a -1 to call BIO_should_retry on the
> read bio?

SSL_read returning 0 would mean: connection closed. This is however not
true. You want to read data but they are not yet available, so you must
retry. The retry condition is a return value of -1 and SSL_get_error()
returning SSL_ERROR_WANT_READ.

I did not yet check out the situation. Does this also appear with
non-blocking sockets? In this case we must update the documentation!!!

Best regards,
    Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
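
The retry-versus-closed distinction discussed in this thread, shown with Python's ssl module (a wrapper over OpenSSL) and memory BIOs. This is an added example, not code from the thread or from the OpenSSL project. The helper names, the host name peer.example and the 3-byte partial record header are constructed, and it exercises the retry condition on an incomplete record before the handshake finishes, not the empty-record case itself.

```python
import ssl

RETRY, CLOSED, DATA = "retry", "closed", "data"

def new_client():
    """Client-side TLS engine wired to two memory BIOs (no sockets)."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # "peer.example" is a constructed name; nothing is ever connected.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="peer.example")
    return tls, incoming, outgoing

def read_step(tls, n=4096):
    """One read attempt, classified as retry, closed or data."""
    try:
        data = tls.read(n)
    except ssl.SSLWantReadError:
        # C API equivalent: SSL_read() == -1 and
        # SSL_get_error() == SSL_ERROR_WANT_READ. Feed more bytes, retry.
        return RETRY, b""
    if data == b"":
        # C API equivalent: SSL_read() == 0, the peer closed the connection.
        return CLOSED, b""
    return DATA, data

def drain(tls):
    """Read until the engine needs more transport bytes or the peer closes."""
    chunks = []
    while True:
        status, data = read_step(tls)
        if status != DATA:
            return status, b"".join(chunks)
        chunks.append(data)

def demo():
    tls, incoming, outgoing = new_client()
    first = drain(tls)               # read BIO is empty
    hello_len = outgoing.pending     # ClientHello queued by the implicit handshake
    incoming.write(b"\x16\x03\x03")  # constructed: 3 of the 5 record-header bytes
    second = drain(tls)              # record still incomplete
    return first, hello_len, second

if __name__ == "__main__":
    print(demo())
```

A caller that treated the retry result as "closed" would tear down a healthy connection whenever the read BIO held no complete record.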