Is it possible to check for a heartbeat response without calling SSL_read?
I'm pretty sure the answer is no.

This is problematic for me. I'm trying to make a library layer on top of
OpenSSL that uses the heartbeat as an authenticated ack of earlier
messages, without changing the application layer above.

Doing a dummy SSL_read is problematic because it will fail (there is no
data), and the same parameters (buffer address and size) will need to be
repeated when a real SSL_read comes in. That's pretty messy. Future reads
will need to be done in two parts.

It would be nice if there were looser rules on ERROR_WANT_READ/WRITE.
Specifically, it would be nice to relax the requirement of using the same
parameters for the read/write operation. It seems like it should be OK if
you transplant the buffer, i.e. realloc, between calls. It also seems like
it should be OK to increase the size of the operation, but not decrease
it.  I can see how this would be a problem if the innards are storing
buffer pointers between calls.
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
