Thanks for your reply. I read that, and I think I understand what it is saying. I'm just trying to get confirmation on my understanding of it. Put in a different way, if I have the following code where I do SSL_read() in a do-while loop,

int iBytesRead = 0;
do {
    int ret = SSL_read(ssl, buf, sizeof(buf));
    int err = SSL_get_error(ssl, ret);
    if (err == SSL_ERROR_NONE) {
        iBytesRead += ret;
    } else if (err == SSL_ERROR_ZERO_RETURN) {
        return 0; // ssl connection was closed
    } else if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) {
        break; // need more data; break loop and add fd back to poll
               // and do another SSL_read() when there is more data
               // available on the socket.
    } else {
        return 0; // read failed
    }
} while (SSL_pending(ssl));

// ssl buffer has been completely drained

Assuming client is continuously sending me data, will I ever exit this loop? I assume that once the ssl buffer has been emptied, SSL_pending() will return 0 and I break the loop, or the ssl buffer can no longer be processed without more data, in which case I get an SSL_ERROR_WANT_READ/WRITE and break the loop, at which time I will add fd back to poll and wait for more data on the socket (which could be immediate).

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Monday, March 28, 2005 4:04 PM
> To: openssl-users@openssl.org
> Subject: Re: SSL_read()
>
> Straight from the man pages ..
>
> SSL_read() works based on the SSL/TLS records. The data are received in
> records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a
> record has been completely received, it can be processed (decryption and
> check of integrity). Therefore data that was not retrieved at the last call
> of SSL_read() can still be buffered inside the SSL layer and will be
> retrieved on the next call to SSL_read(). If num is higher than the number
> of bytes buffered, SSL_read() will return with the bytes buffered. If no
> more bytes are in the buffer, SSL_read() will trigger the processing of the
> next record. Only when the record has been received and processed
> completely, SSL_read() will return reporting success. At most the contents
> of the record will be returned. As the size of an SSL/TLS record may exceed
> the maximum packet size of the underlying transport (e.g. TCP), it may be
> necessary to read several packets from the transport layer before the
> record is complete and SSL_read() can succeed.
>
> it speaks to what you are inquiring about
>
> Edward Chan wrote:
>
> > I have a question about SSL_read(). Am I correct in my understanding
> > that SSL_read() will not read from the socket as long as there is data
> > in the ssl buffers available for processing? And if there is data in
> > the ssl buffer but it cannot be processed because we don't have a
> > complete record, then I will get an SSL_ERROR_WANT_READ/WRITE, in
> > which case, I need to issue SSL_read() again to read more data from
> > the socket?
> >
> > Thanks,
> > Ed
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
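
The record buffering described in the man page text quoted above, as an added example that is not part of the original message and is not OpenSSL code: a toy model in C of a record layer that only hands out data once a whole record has arrived. The `rl_*` names, return codes and buffer sizes are hypothetical, and the decryption and integrity check are replaced by a plain copy.

```c
/* Toy model of TLS record buffering; rl_* names are illustrative, not the OpenSSL API. */
#include <stdio.h>
#include <string.h>
enum { RL_WANT_READ = -1, RL_ERROR = -2 };
typedef struct {
    unsigned char raw[512]; size_t raw_len;          /* transport bytes, no full record yet */
    unsigned char app[512]; size_t app_len, app_off; /* processed record, not yet read out */
} rl_t;
/* The transport delivered n more bytes (for example one TCP segment). */
static int rl_feed(rl_t *r, const unsigned char *p, size_t n) {
    if (n > sizeof r->raw - r->raw_len) return RL_ERROR;
    memcpy(r->raw + r->raw_len, p, n); r->raw_len += n;
    return 0;
}
static size_t rl_pending(const rl_t *r) { return r->app_len - r->app_off; } /* like SSL_pending() */
/* Counterpart of SSL_read(): bytes copied, or RL_WANT_READ / RL_ERROR. */
static int rl_read(rl_t *r, unsigned char *out, size_t num) {
    if (rl_pending(r) == 0) {                    /* nothing buffered: process next record */
        if (r->raw_len < 5) return RL_WANT_READ; /* 5-byte record header incomplete */
        size_t len = ((size_t)r->raw[3] << 8) | r->raw[4];
        if (len > sizeof r->app) return RL_ERROR;
        if (r->raw_len < 5 + len) return RL_WANT_READ; /* record body incomplete */
        memcpy(r->app, r->raw + 5, len);         /* real TLS decrypts and verifies here */
        r->app_len = len; r->app_off = 0;
        r->raw_len -= 5 + len;
        memmove(r->raw, r->raw + 5 + len, r->raw_len);
    }
    size_t n = rl_pending(r) < num ? rl_pending(r) : num;
    memcpy(out, r->app + r->app_off, n);
    r->app_off += n;
    return (int)n;
}
/* Same shape as the do-while in the message: read until nothing is pending. */
static int rl_drain(rl_t *r) {
    unsigned char buf[4]; int total = 0, ret;    /* buf deliberately smaller than the record */
    do {
        ret = rl_read(r, buf, sizeof buf);
        if (ret < 0) return ret;                 /* only reachable with nothing pending */
        total += ret;
    } while (rl_pending(r));
    return total;
}
int main(void) {
    /* Constructed sample: one record with a 10-byte payload, split over two segments. */
    const unsigned char rec[] = {0x17, 3, 1, 0, 10, 'h','e','l','l','o','w','o','r','l','d'};
    rl_t r; memset(&r, 0, sizeof r);
    rl_feed(&r, rec, 8);     printf("after 8 bytes:  %d\n", rl_drain(&r));
    rl_feed(&r, rec + 8, 7); printf("after 15 bytes: %d\n", rl_drain(&r));
    return 0;
}
```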