Martin Sj�gren via RT <[EMAIL PROTECTED]>: > Bodo Moeller: >> Martin Sj�gren:
>>> When you write a zero-length string with SSL_write, OpenSSL signals a >>> "protocol-violating EOF" even though no such thing has happened. My >>> guess is that a zero returned is misinterpreted somewhere though I have >>> not had time to dig through the source. >> SSL_write() with length 0 will return 0, and this return value is >> always interpreted as "protocol-violating EOF" according to the >> SSL_get_error() manpage (SSL_get_error() returns SSL_ERROR_ZERO_RETURN). >> This is an inconsistency, but even if we change SSL_write() to >> return a different value, the program will not work -- we cannot >> return a positive value, and negative values would be interpreted as > > errors too. > Uh, the example code I whipped up doesn't give you > SSL_ERROR_ZERO_RETURN, it gives you SSL_ERROR_SYSCALL. Correct, my mistake. I actually meant SSL_ERROR_SYSCALL (SSL_ERROR_ZERO_RETURN means that the connection has been shut down cleanly, and this return value would be totally incorrect in this case). > I'd say that the problem isn't as much in SSL_write as in SSL_get_error. > The error codes and success codes overlap :( SSL_read() and SSL_write() are not really meant to be called with zero length. The return value cannot be larger than zero when this is done, so SSL_get_error() will interpret the return value as an error indication. We could change SSL_read() and SSL_write() to return an actual error when they are called with length 0, but this might break programs that do such calls but don't rely on SSL_get_error() for them. I suppose it should be possible to change the implementations behind SSL_read() and SSL_write() (i.e. ssl3_read() etc.) to use an extra flag for the special case of zero length parameters so that SSL_get_error() will indicate success unless there really was some kind of error, but I'm not convinced this is worth the effort -- why call the functions with length 0 anyway? -- Bodo M�ller <[EMAIL PROTECTED]> PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html * TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt * Tel. +49-6151-16-6628, Fax +49-6151-16-6036 ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
