On Sat, 29 Sep 2007, Thor Lancelot Simon wrote: > On Sat, Sep 29, 2007 at 11:28:26AM -0700, Davide Libenzi wrote: > > Would it be possible to make SSL_shutdown() on non-blocking BIOs, conform > > to the documentation and aligned to SSL_read, SSL_write, ...? > > > > http://www.openssl.org/docs/ssl/SSL_shutdown.html > > > > I cooked a tentative patch below, that seems to be working here. > > I don't understand -- as far as I can tell, the current implementation > does, in fact, conform to the documentation -- though it does not > work exactly the same way as SSL_read, SSL_write, etc. It is not > documented to work the same way.
The reason I posted the patch was because I noticed a SSL_ERROR_SYSCALL back from SSL_get_error(). This is what the documentation says: -- If the underlying BIO is non-blocking, SSL_shutdown() will also return when the underlying BIO could not satisfy the needs of SSL_shutdown() to continue the handshake. In this case a call to SSL_get_error() with the return value of SSL_shutdown() will yield SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_shutdown(). The action depends on the underlying BIO. When using a non-blocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. -- If you look at the current code, ssl3_shutdown() returns either zero or one. In case we did not get the peer shutdown yet, it returns zero, even if a BIO-write failed (output buffers full). And this ends up in a SSL_ERROR_SYSCALL back from SSL_get_error(), instead of a WANT_WRITE. Same once we sent the shutdown and we're waiting to receive the peer close-notify packet. We get SSL_ERROR_SYSCALL instead of a WANT_READ. You can try it by yourself if you don't believe. I actually encourage you to try. > Why do you think it would be better if your patch were applied? Are > you sure your change will not break existing code that works with the > current semantics? The patch makes it actualy work as expected/documented for non-blocking BIOs. For blocking BIOs it behaves the same. Patch needs double-check of course. - Davide ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
