David Schwartz wrote:
This is insane. Imagine if SSL_want_read and SSL_want_write both returned
false. Then you wouldn't ever notice that the socket had been closed, you
could wait for new inbound data forever, and your proxy would stall.

But end-of-stream is an error condition, so you should be using SSL_get_error(). By using SSL_want_{read,write}() you are effectively stating you don't care about error conditions. Well, they are there to be checked if you'd only ask.


As soon as SSL_read() returns 0, or -1 with ZERO_RETURN, you are no longer in a "nominal state".

In the "nominal state" it is possible to drive OpenSSL from the readability and writability states alone, but once you start seeing end-of-stream indicators, or once you initiate an SSL_shutdown(), the SSL stream is no longer in a "nominal state".


Certainly the two cases Nanno cited (a socket abort because the remote process was killed, and the remote process doing a TCP read shutdown before any SSL shutdown notify packets have been exchanged) are both error conditions from the point of view of SSL providing a secure stream.

Both deny SSL the ability to carry out a secure stream shutdown: to do that, an exchange of shutdown notify packets is needed, and for that you need the TCP socket in an established state with both directions open.


Only once your end has committed its shutdown notify packet to the wire can you even think about shutting down the TCP write half at your end.

Only once your end has received a shutdown notify packet from the wire can you even think about shutting down the TCP read half at your end.

Doing either of these any earlier is an error.


Darryl

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
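The sequencing Darryl describes, as an added example that is not part of the thread and is neither OpenSSL's nor Darryl's code. CPython's ssl module is a thin binding over libssl, so the SSL_read()/SSL_shutdown() outcomes the post talks about surface directly: SSL_ERROR_WANT_READ/WANT_WRITE as SSLWantReadError/SSLWantWriteError, SSL_ERROR_ZERO_RETURN as an empty read (or SSLZeroReturnError once our own close_notify has already gone out), and a transport EOF with no close_notify as an SSLEOFError. The two sides talk over in-memory BIOs, a constructed wire with no sockets, so it runs offline. It assumes the linked OpenSSL still offers the anonymous suite AECDH-AES128-SHA at security level 0; that suite is used only so the demo needs no certificate, authenticates nobody, and must never carry real traffic. The HalfCloseGuard names and the read_step classification labels are this example's own.

```python
"""Non-blocking TLS driven by the SSL_get_error() outcome, with the TCP half-closes
sequenced after the close_notify exchange. Added example; not code from the post or
from OpenSSL. Assumption: the anonymous suite below exists in the linked OpenSSL."""
import ssl

ANON_SUITE = "AECDH-AES128-SHA:@SECLEVEL=0"  # no certificate needed; demo only, never for real traffic


def make_pair():
    """Client and server SSLObjects joined by four MemoryBIOs (the constructed 'wire')."""
    srv_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    cli_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    cli_ctx.check_hostname = False            # anonymous suite: there is no certificate to check
    cli_ctx.verify_mode = ssl.CERT_NONE
    for ctx in (srv_ctx, cli_ctx):
        ctx.minimum_version = ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # TLS 1.3 has no anon suites
        ctx.set_ciphers(ANON_SUITE)
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = cli_ctx.wrap_bio(c_in, c_out, server_side=False)
    server = srv_ctx.wrap_bio(s_in, s_out, server_side=True)
    return client, server, (c_in, c_out, s_in, s_out)


def pump(bios):
    """Carry whatever each side queued for the wire into its peer's incoming BIO."""
    c_in, c_out, s_in, s_out = bios
    for src, dst in ((c_out, s_in), (s_out, c_in)):
        data = src.read()
        if data:
            dst.write(data)


def handshake(client, server, bios, max_rounds=20):
    """Poll both sides until SSL_do_handshake() succeeds on each. SSLWantReadError only
    means 'nothing on the wire yet': the nominal wait for readability."""
    for _ in range(max_rounds):
        finished = 0
        for side in (client, server):
            try:
                side.do_handshake()
                finished += 1
            except ssl.SSLWantReadError:
                pass
        pump(bios)
        if finished == 2:
            return True
    return False


def read_step(side):
    """One SSL_read() attempt classified by its SSL_get_error() outcome. Only the first
    two results leave the stream in the nominal state."""
    try:
        data = side.read(4096)
    except ssl.SSLWantReadError:
        return "want_read", None            # nominal: wait for readability, retry
    except ssl.SSLWantWriteError:
        return "want_write", None           # nominal: wait for writability, retry
    except ssl.SSLZeroReturnError:
        return "close_notify", None         # peer's close_notify, ours already sent
    except ssl.SSLError as exc:
        return "abort", type(exc).__name__  # EOF/protocol error with no close_notify
    return ("data", data) if data else ("close_notify", None)  # b"" is ZERO_RETURN too


class HalfCloseGuard:
    """Write half may be shut only once our close_notify is on the wire; read half only
    once the peer's close_notify has been consumed."""
    def __init__(self):
        self.sent = self.received = False

    def may_shut_wr(self):
        return self.sent

    def may_shut_rd(self):
        return self.received


def clean_shutdown():
    """Client initiates SSL_shutdown(); returns the ordered observations, guard entries
    being (side, may_shut_wr, may_shut_rd)."""
    client, server, bios = make_pair()
    assert handshake(client, server, bios)
    cg, sg = HalfCloseGuard(), HalfCloseGuard()
    log = [read_step(server)[0]]            # 'want_read': nominal, wire is empty
    try:
        client.unwrap()                     # SSL_shutdown() #1: queues close_notify, returns 0
    except ssl.SSLWantReadError:
        cg.sent = True                      # ours is committed; the peer's has not arrived
    log.append(("client", cg.may_shut_wr(), cg.may_shut_rd()))
    pump(bios)
    kind, _ = read_step(server)
    log.append(kind)                        # 'close_notify'
    sg.received = kind == "close_notify"
    server.unwrap()                         # peer's alert already seen: send ours, returns 1
    sg.sent = True
    log.append(("server", sg.may_shut_wr(), sg.may_shut_rd()))
    pump(bios)
    client.unwrap()                         # SSL_shutdown() #2 consumes the peer's close_notify
    cg.received = True
    log.append(("client", cg.may_shut_wr(), cg.may_shut_rd()))
    return log


def abrupt_eof():
    """Remote process killed: TCP EOF with no close_notify. An error, not a clean close."""
    client, server, bios = make_pair()
    assert handshake(client, server, bios)
    client.write(b"hello")                  # constructed application data
    pump(bios)
    first = read_step(server)               # ('data', b'hello')
    bios[2].write_eof()                     # server's incoming BIO: peer vanished mid-stream
    return first, read_step(server)
```

Run `clean_shutdown()` and `abrupt_eof()` to see the two paths. In the clean path the client may call shutdown(fd, SHUT_WR) only after its first unwrap() has raised SSLWantReadError, which is the point at which close_notify is committed to the outgoing BIO, and may call SHUT_RD only after the second unwrap() has consumed the server's alert; in the abrupt path the server never sees a close_notify and read_step() reports an abort, not an end-of-stream, which a proxy must treat as a failed (not clean) session.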
