If you get an SSL_ERROR_WANT_READ while trying to do SSL_write, you select() for reading on the socket, then you call SSL_write again with the same arguments when you can.
Basically, when you make a call into the black box of the library, you're stating that you want a certain thing to happen -- and you will retry that thing as much as necessary to make it happen, until a fatal error occurs on that connection. This is essentially a "contract" between you and the library.

On the other end of the connection, if you get SSL_ERROR_WANT_WRITE when trying to do an SSL_read, then you select() for writing on that socket, and then SSL_read again when it returns in the affirmative.

Remember: the OpenSSL layer will handle all of the underlying things for you, and make as much progress as possible given the current state of the network. If it needs to read (even during an SSL_write) and can't, it'll return WANT_READ. If it needs to write (even during an SSL_read) and can't, it'll return WANT_WRITE. If you get either of those return codes, you need to perform exactly the same call into the library when it can make forward progress.

(You can do an SSL_[CTX_]set_mode([ssl|ctx],SSL_MODE_AUTO_RETRY) to basically force the library to keep attempting the same operation over and over and over again until it completes, but there's no upper bound on how long it can take and it doesn't return until the operation is done. This prevents you from ever seeing the WANT_ codes, but it has the pleasant side effect of never confusing you as to what you need to do.)

Note that the WANT_READ and WANT_WRITE are SSL* specific. You can perform operations on other SSL* connections while waiting for the select() to return what you need.

-Kyle H

On Fri, May 29, 2009 at 12:08 PM, Rene Hollan <rene.hol...@watchguard.com> wrote:
> Er, but what if you get a SSL_ERROR_WANT_READ while trying to SSL_write?
>
> Surely, this likely happens because the network/SSL BIO pair hasn't handled
> the peer to peer SSL session negotiation yet, and one would have to read or
> write from the network side of the BIO pair.
>
> This is what's confusing to many, I think: the operation on one of the four
> ports of the SSL engine can't progress unless there is an appropriate
> operation on ANOTHER (related) port.
>
> And yet, you say don't make a different SSL call. Or, did you mean on the
> same SSL session?
>
> I wrap the SSL engine with SSL BIOs on the decrypted side and a BIO pair on
> the encrypted side (so all my interactions with the SSL state machine are via
> BIOs) and I very much need to do a BIO_read on one side of BIO_write on the
> other side fails, with SSL_ERROR_WANT_WRITE.
>
>
> -----Original Message-----
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Kyle Hamilton
> Sent: Friday, May 29, 2009 11:23 AM
> To: openssl-users@openssl.org
> Subject: Re: Non_Blocking Socket 'SSL_write' returns with
> SSL_ERROR_WANT_READ. Wait in 'select' for data. But Other end too wait for
> read ! i.e. Both ends waiting for data. -> DEAD LOCKED
>
> If you get an SSL_ERROR_WANT_*, you should call *exactly* the same
> function that you just called -- do NOT call SSL_read if you were just
> performing an SSL_write. Perform the select() for reading on that
> file descriptor (to see when it's able to be read from), and then do
> the SSL_write again with exactly the same parameters (including the
> full arguments, i.e. the entire buffer that you sent to SSL_write
> before -- no matter its return value for how many bytes were
> successfully written).
>
> -Kyle H
>
> On Fri, May 29, 2009 at 3:40 AM, Asanka Kumara <asan...@millenniumit.com>
> wrote:
>>
>> Hi,
>>
>> Non-Blocking Server Side socket on solaris.
>>
>>
>> a). Attempt to write data on with SSL_write. This returned with
>> SSL_ERROR_WANT_READ.
>>
>> (So as I assume what should be done is,
>> 1. wait for data from the other end on this socket in a select call,
>> 2. when select detects data is available call 'SSL_read' with this socket
>> 3. only if SSL_read returns SSL_ERROR_NONE then call 'SSL_write' again with
>> above (step a) data (re-insert)
>> )
>>
>>
>> But what happens is
>> 1. wait for data from the other end on this socket in a select call,
>> 2. when select detects data is available call 'SSL_read' with this socket
>> BUT THIS returns with SSL_ERROR_WANT_READ
>> (I assume this means SSL want more data from the other end) so I wait for
>> data from other end in 'select' again BUT DATA IS NOT Received from the
>> other end
>> and
>> Furthermore Other end (Client Side Socket - which is a blocking socket) is
>> also waiting (i.e. blocked) for data.
>>
>> So both ends waiting for data and no one receives !!!!!!!
>>
>>
>> Could any one help please !!!!
>>
>>
>> *******************************************************************************************************************************************************************
>>
>> "The information contained in this email including in any attachment is
>> confidential and is meant to be read only by the person to whom it is
>> addressed. If you are not the intended recipient(s), you are prohibited from
>> printing, forwarding, saving or copying this email. If you have received
>> this e-mail in error, please immediately notify the sender and delete this
>> e-mail and its attachments from your computer."
>>
>> *******************************************************************************************************************************************************************
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    openssl-us...@openssl.org
>> Automated List Manager                           majord...@openssl.org
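
The case discussed in this thread, a write that reports WANT_READ, can be reproduced offline. This is an added example, not code from any poster: it uses Python's ssl module, which wraps OpenSSL and raises ssl.SSLWantReadError for SSL_ERROR_WANT_READ, with memory BIOs standing in for the socket. The helper names and the host name "peer.example" are assumptions.

```python
import ssl


def try_write(tls, outgoing, data):
    """Attempt one write and report what the caller has to do next.

    Returns (status, wire_bytes). status is "done", "want_read" or
    "want_write"; wire_bytes is whatever TLS records the library queued
    for the peer, which the caller must put on the network.
    """
    try:
        tls.write(data)
        status = "done"
    except ssl.SSLWantReadError:   # OpenSSL's SSL_ERROR_WANT_READ
        status = "want_read"
    except ssl.SSLWantWriteError:  # OpenSSL's SSL_ERROR_WANT_WRITE
        status = "want_write"
    return status, outgoing.read()


def demo():
    """Write on a fresh client session twice with the same buffer."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # "peer.example" is a constructed name; nothing is resolved or connected.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="peer.example")
    payload = b"application data"

    # First attempt: the handshake has not run, so the library queues a
    # ClientHello and then needs the server's reply before it can send
    # any application data. The write itself reports want_read.
    first = try_write(tls, outgoing, payload)

    # Same call, same buffer, but no peer bytes were fed into `incoming`:
    # still want_read, and nothing new is queued for the wire.
    second = try_write(tls, outgoing, payload)
    return first, second


if __name__ == "__main__":
    (s1, wire1), (s2, wire2) = demo()
    print(s1, len(wire1), "bytes queued for the peer")
    print(s2, len(wire2), "bytes queued for the peer")
```

With a BIO pair, the bytes returned on the first attempt are what has to reach the peer before the retried write can make progress.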