I like it:

* make a read for data length = read buffer length (some kbytes) and then loop on SSL_pending and SSL_read to get the rest of the record, until SSL_pending returns 0. In that case, after the first SSL_read has returned something select is useless.

BTW, does anybody know why SSL_pending returns 0 if SSL_read has not been called? E.g. if I write 8 bytes into a BIO_pair, shouldn't SSL_pending be 8? Indeed, if I call SSL_read(... 1 byte), then SSL_pending returns 7.

I was planning to do something like:

    while (SSL_pending( ) > 0)
    {
        SSL_read ( )
        // check for errors, want read/write, handle data, etc...
    }

but it won't work, since SSL_pending returns 0 the first time through.

Thanks,
n8

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Francis GASCHET
Sent: Tuesday, March 31, 2009 5:29 AM
To: openssl-users@openssl.org
Subject: Re: last data bytes not delivered when read in several small buffers

Hello Kyle,

Thank you for these explanations. Things are becoming clearer.

An important point about the application is: it's a relay (gateway). So it doesn't only have to take care of the SSL side, but also of the relayed application (private) side. It's a non-blocking environment, so I am quite apprehensive about loops. I also need to be awakened when something arrives from the private side (pure TCP socket). So I need select and I have to combine TCP sockets and the SSL "socket" in the same monitoring loop.

> You can suppress this behavior (and ensure that you could loop like
> that) by calling SSL[_CTX]_set_mode(ctx, SSL_MODE_AUTO_RETRY).

From the man page: "The flag SSL_MODE_AUTO_RETRY will cause read/write operations to only return after the handshake and successful completion." So I fear that it's not that good an idea in my environment. Am I wrong?

> SSL should be the only thing that handles things like MAX_RECORD_SIZE.

OK, but from the source, I discovered that SSL_read is blocking until it receives a complete record.
So, if I want to be awakened with select I must either:

* make a read for data length >= "max record length", but I depend on an internal value (XXXXXX_LENGTH), which is not very clean,
* make a read for data length = read buffer length (some kbytes) and then loop on SSL_pending and SSL_read to get the rest of the record, until SSL_pending returns 0. In that case, after the first SSL_read has returned something select is useless.

Anyway I'm blocked in the first SSL_read while SSL is reading the whole record, so both methods should give the same result in terms of response time, and the second one is cleaner. Is it correct?

Best regards,
--
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
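
The behaviour discussed in this thread, as an added toy model in C (not code from the posters or from OpenSSL): SSL_pending counts only bytes of a record that SSL_read has already processed, so it is 0 before the first read, and once the record has left the socket select has nothing to report even though decoded bytes remain. All names (`conn_t`, `wire_put`, `sock_readable`, `model_pending`, `model_read`, `on_readable`) are hypothetical, and the one-byte length header and always-complete records are simplifying assumptions.

```c
#include <string.h>

/* Toy model, not OpenSSL code: "wire" is the socket holding undecoded
 * records, "plain" is the single decoded record buffered inside SSL.
 * Assumption: records always arrive complete ([1-byte len][payload]). */
typedef struct {
    unsigned char wire[512], plain[255];
    size_t wire_len, plain_len, plain_off;
} conn_t;

int wire_put(conn_t *c, const void *p, size_t n) {   /* peer sends a record */
    if (n > 255 || c->wire_len + 1 + n > sizeof c->wire) return -1;
    c->wire[c->wire_len++] = (unsigned char)n;
    memcpy(c->wire + c->wire_len, p, n);
    c->wire_len += n;
    return 0;
}

/* What select() sees: only bytes still sitting on the socket. */
int sock_readable(const conn_t *c) { return c->wire_len > 0; }
/* Counterpart of SSL_pending(): counts the decoded record only. */
size_t model_pending(const conn_t *c) { return c->plain_len - c->plain_off; }

/* Counterpart of SSL_read(): decodes one whole record if none is buffered,
 * then returns at most n bytes of it; 0 means "nothing to read yet". */
size_t model_read(conn_t *c, unsigned char *buf, size_t n) {
    if (model_pending(c) == 0) {
        if (c->wire_len == 0) return 0;
        size_t rec = c->wire[0];
        memcpy(c->plain, c->wire + 1, rec);
        c->plain_len = rec; c->plain_off = 0;
        c->wire_len -= 1 + rec;
        memmove(c->wire, c->wire + 1 + rec, c->wire_len);
    }
    if (n > model_pending(c)) n = model_pending(c);
    memcpy(buf, c->plain + c->plain_off, n);
    c->plain_off += n;
    return n;
}

/* One select() wake-up: always read first, then keep reading while decoded
 * bytes remain. With drain == 0 the tail of the record is left behind. */
size_t on_readable(conn_t *c, unsigned char *out, size_t chunk, int drain) {
    size_t total = 0;
    do {
        total += model_read(c, out + total, chunk);
    } while (drain && model_pending(c) > 0);
    return total;
}
```
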