Hello,

> > You should change loop ending condition - this loop should end
> > when SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE occur because
> > these errors may be returned on non-blocking sockets on SSL_read()
> > and on SSL_write(). On normal use this will happen mostly where
> > re-handshake is going on but this may happen where empty SSL fragments
> > are sent over network (of course this may happen on some system
> > condition too).
>
> I'm a little unclear on how this should be implemented.. so if I call
> SSL_read, get -1 back, and err = SSL_ERROR_WANT_READ, do I just call
> SSL_read again?

No, for now there is no data available, return control to "upper" layer select().

> Because that's what I've been doing and it ends up
> in an infinite loop.

And because you try to read data that is not available you get an infinite loop.

> Also, if err = SSL_ERROR_WANT_WRITE, but I have
> no data to write (because I'm waiting to see what the server sends me
> before replying), what should I write in my call to SSL_write?

If this hint is from SSL_read() this means that the SSL protocol wants something to write - not your application, but this is not possible now. For example, when you call SSL_read() to write some data, there may be a renegotiation (negotiation of new security parameters) in progress, which is a sequence of SSL record reads/writes. In this situation calling SSL_read() next time is enough (the SSL layer will continue to write its own data and after this read real data) but this SSL_read() should be performed when the socket descriptor is ready for write.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
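
The retry rule from this reply, as an added example that is not code from the thread or from OpenSSL. It uses Python's ssl module, which wraps OpenSSL and raises SSLWantReadError / SSLWantWriteError where the C API reports SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE. The function names and the in-memory demo are assumptions made for illustration.

```python
import select
import ssl


def tls_read_step(conn, nbytes=4096):
    """One read attempt on a non-blocking SSLSocket or SSLObject.

    Returns (data, wait_for); wait_for is None, "read" or "write".
    """
    try:
        return conn.read(nbytes), None      # b"" means the peer closed TLS
    except ssl.SSLWantReadError:            # SSL_ERROR_WANT_READ
        return None, "read"
    except ssl.SSLWantWriteError:           # SSL_ERROR_WANT_WRITE
        return None, "write"


def read_when_ready(sock, nbytes=4096, timeout=5.0):
    """Retry the same read only after select() reports the socket ready
    in the direction the TLS layer asked for (no busy loop)."""
    while True:
        data, wait_for = tls_read_step(sock, nbytes)
        if wait_for is None:
            return data
        # WANT_WRITE from a read: TLS itself has records to send, so wait
        # for writability and then call read again, not write.
        rlist = [sock] if wait_for == "read" else []
        wlist = [sock] if wait_for == "write" else []
        readable, writable, _ = select.select(rlist, wlist, [], timeout)
        if not (readable or writable):
            raise TimeoutError("socket not ready within the timeout")


def demo_offline():
    """Constructed demo: a TLS client over memory BIOs, no network.

    The first read starts the handshake, queues a ClientHello in the
    outgoing BIO, then needs the server's reply, so it wants a read.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="example.invalid")
    step = tls_read_step(conn)
    return step, outgoing.pending > 0


if __name__ == "__main__":
    print(demo_offline())
```
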