Thanks for your reply.  I read that, and I think I understand what it is
saying.  I'm just trying to get confirmation on my understanding of it.  Put
in a different way,  if I have the following code where I do SSL_read() in a
do-while loop,

int iBytesRead = 0;
do
{
        int ret = SSL_read(ssl, buf, sizeof(buf));
        int err = SSL_get_error(ssl, ret);
        if (err == SSL_ERROR_NONE)
        {
                iBytesRead += ret;
        }
        else if (err == SSL_ERROR_ZERO_RETURN)
        {
                return 0; // ssl connection was closed
        }
        else if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE)
        {
                break; // need more data; break loop and add fd back to poll
                       // and do another SSL_read() when there is more data
                       // available on the socket.
        }
        else
        {
                return 0; // read failed
        }

} while (SSL_pending(ssl)); // ssl buffer has been completely drained
 

Assuming client is continuously sending me data, will I ever exit this loop?
I assume that once the ssl buffer has been emptied, SSL_pending() will
return 0 and I break the loop, or the ssl buffer can no longer be processed
without more data, in which case I get an SSL_ERROR_WANT_READ/WRITE and
break the loop, at which time I will add fd back to poll and wait for more
data on the socket (which could be immediate).


> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] 
> Sent: Monday, March 28, 2005 4:04 PM
> To: openssl-users@openssl.org
> Subject: Re: SSL_read()
> 
> Straight from the man pages ..
> 
> 
>        SSL_read() works based on the SSL/TLS records. The data are
>        received in records (with a maximum record size of 16kB for
>        SSLv3/TLSv1). Only when a record has been completely received,
>        it can be processed (decryption and check of integrity).
>        Therefore data that was not retrieved at the last call of
>        SSL_read() can still be buffered inside the SSL layer and will
>        be retrieved on the next call to SSL_read(). If num is higher
>        than the number of bytes buffered, SSL_read() will return with
>        the bytes buffered.  If no more bytes are in the buffer,
>        SSL_read() will trigger the processing of the next record. Only
>        when the record has been received and processed completely,
>        SSL_read() will return reporting success. At most the contents
>        of the record will be returned. As the size of an SSL/TLS record
>        may exceed the maximum packet size of the underlying transport
>        (e.g. TCP), it may be necessary to read several packets from the
>        transport layer before the record is complete and SSL_read() can
>        succeed.
> 
> it speaks to what you are inquiring about
> 
> 
> 
> Edward Chan wrote:
> 
> > I have a question about SSL_read().  Am I correct in my understanding
> > that SSL_read() will not read from the socket as long as there is data
> > in the ssl buffers available for processing?  And if there is data in
> > the ssl buffer but it cannot be processed because we don't have a
> > complete record, then I will get an SSL_ERROR_WANT_READ/WRITE, in
> > which case, I need to issue SSL_read() again to read more data from
> > the socket?
> >
> > Thanks,
> > Ed
> >
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
> 
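
The record-boundary behaviour described in the man page excerpt, as an added example that is not part of the original thread and is not OpenSSL code: a simplified model of TLS record framing showing why one transport read can hold several complete records (so the drain loop must keep going without waiting on poll) or only part of one (the "want read" case). The names rec_stream, rec_peek and rec_feed are hypothetical, and decryption and integrity checking are left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define REC_HDR      5               /* type(1) + version(2) + length(2) */
#define REC_MAX_FRAG (16384 + 2048)  /* TLS 1.2 ciphertext fragment limit */

enum rec_status { REC_READY, REC_WANT_READ, REC_ERROR };

/* Model of the bytes buffered below the application (hypothetical type). */
struct rec_stream {
    uint8_t buf[2 * (REC_HDR + REC_MAX_FRAG)];
    size_t  len;
};

/* Is a complete record at the front of buf? On REC_READY, *rec_len is its
 * total size (header + fragment). */
enum rec_status rec_peek(const uint8_t *buf, size_t len, size_t *rec_len)
{
    if (len < REC_HDR)
        return REC_WANT_READ;                 /* header itself incomplete */
    size_t frag = ((size_t)buf[3] << 8) | buf[4];
    if (frag > REC_MAX_FRAG)
        return REC_ERROR;                     /* oversized record: fatal */
    if (len < REC_HDR + frag)
        return REC_WANT_READ;                 /* record spans another read */
    *rec_len = REC_HDR + frag;
    return REC_READY;
}

/* Append one transport read, then consume every complete record, as a
 * drain loop would. Returns records consumed, or -1 on error. A trailing
 * partial record stays in s->buf: the "want read" state. */
int rec_feed(struct rec_stream *s, const uint8_t *chunk, size_t n)
{
    size_t off = 0, rl = 0;
    int records = 0;
    enum rec_status st;

    if (n > sizeof(s->buf) - s->len)
        return -1;
    memcpy(s->buf + s->len, chunk, n);
    s->len += n;
    while ((st = rec_peek(s->buf + off, s->len - off, &rl)) == REC_READY) {
        off += rl;
        records++;
    }
    if (st == REC_ERROR)
        return -1;
    memmove(s->buf, s->buf + off, s->len - off);
    s->len -= off;
    return records;
}
```

A return of 0 from rec_feed with s->len > 0 is the situation the thread asks about: bytes are buffered, but nothing can be delivered until the transport supplies the rest of the record.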