> Let me trace through the application. Looking at the source code, it
> appears that the application may have a bug (checking the SSL error stack
> via SSL_get_error() when SSL_read() returned > 0) but that what is actually
> happening here is:
>
> 1) SSL_read() is returning < 0, SSL_get_error() is returning WANT_READ
>
> *but*
>
> 2) Internally, SSL_read has taken the bytes from the socket buffer, so
> calling select() on the fd for read will still never work. There seems
> to be no way for the application to know that what it *really* needs to
> do is retry the call with a larger buffer, that nothing else will suffice.

If this is really what's happening, it's a bug in OpenSSL. The application should be able to pass a 1-byte buffer to OpenSSL and get 1 byte of decrypted data.

> In other words, by code inspection, it seems the bug's actually worse than
> I thought. But I'll trace through it too to double-check.

If that's true, then it's much worse than you thought. OpenSSL is not allocating or using sufficient internal buffer space and is returning a WANT_READ application in case other than one in which the socket cannot supply the data it needs.

But I suspect you have an application bug. You are manufacturing the WANT_READ indication yourself, I strongly suspect.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                               [EMAIL PROTECTED]
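An added example, not part of the original message and not OpenSSL code: a toy model of a record layer showing the behaviour the reply expects (a 1-byte buffer yields 1 byte) and why an application must drain plaintext buffered inside the library before waiting in select(). All names (`toy_conn`, `toy_read`, `toy_pending`, `TOY_WANT_READ`) are hypothetical; `toy_pending` plays the role of OpenSSL's `SSL_pending()`.

```c
#include <stddef.h>
#include <string.h>

#define TOY_WANT_READ (-2)  /* hypothetical stand-in for a WANT_READ result */

/* Toy connection: "sock" is what is still in the kernel socket buffer,
 * "plain" is a decrypted record the library already pulled off the socket. */
typedef struct {
    const char *sock; size_t sock_len;
    char plain[64]; size_t plain_len, plain_off;
} toy_conn;

/* What select() can see: only bytes still waiting on the socket. */
static int toy_fd_readable(const toy_conn *c) { return c->sock_len > 0; }

/* Role of SSL_pending(): plaintext already buffered inside the library. */
static size_t toy_pending(const toy_conn *c) { return c->plain_len - c->plain_off; }

/* Role of SSL_read(): serve buffered plaintext first, whatever the caller's
 * buffer size; report WANT_READ only when the socket has nothing to give. */
static int toy_read(toy_conn *c, char *buf, size_t len) {
    if (toy_pending(c) == 0) {
        if (c->sock_len == 0) return TOY_WANT_READ;
        /* Consume one whole record from the socket ("decrypt" = copy). */
        size_t rec = c->sock_len < sizeof c->plain ? c->sock_len : sizeof c->plain;
        memcpy(c->plain, c->sock, rec);
        c->plain_len = rec; c->plain_off = 0;
        c->sock += rec; c->sock_len -= rec;
    }
    size_t n = toy_pending(c) < len ? toy_pending(c) : len;
    memcpy(buf, c->plain + c->plain_off, n);
    c->plain_off += n;
    return (int)n;
}

/* Application loop with a 1-byte buffer. *would_block counts the iterations
 * where a select()-only application would sleep although data is buffered. */
static size_t drain_one_byte_at_a_time(toy_conn *c, char *out, size_t cap,
                                       int *would_block) {
    size_t got = 0; char b;
    *would_block = 0;
    while (got < cap) {
        if (!toy_fd_readable(c) && toy_pending(c) > 0) (*would_block)++;
        int r = toy_read(c, &b, 1);
        if (r == TOY_WANT_READ) break;  /* only now is select() the right call */
        out[got++] = b;
    }
    return got;
}
```
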