Well, the BIO_write or BIO_read on the SSL BIO wrapping the decrypted side of the SSL "black box" don't return WANT_* codes. They return the number of chars transferred, or -1 in case of error. At that point, one can get the SSL Error from the SSL session.
The thing is, sometimes I don't get WANT_READ or WANT_WRITE in that case, suggesting that something has to happen on one of the other ports related to the SSL state machine. In particular I set up a bio pair on the network/encrypted side (with 4096 byte buffers), and an SSL BIO on the decrypted side. I found that in one instance, I had what appeared to be 16384 (EXCACTLY 4 x 4K) byte encrypted SSL frames on the network side, and got "stuck": I could not write to the network side of the BIO pair to push received data through it (I can't wait until I can do so and then select() in my app -- network data is pushed to me as it arrives). The BIO write_guarantee was zero. If I tried to read from the SSL bio, I DID NOT get WANT_READ, and no bytes were returned. But, if I tried again to get the network side write guarantee, low and behold, I got 4K! It looked like some kind of state advance between the last decrypted buffer of four from the last 16K encrypted SSL frame that did not provide data, but consumed some to decrypt. I had to modify my app to see if I could write to the network side of the BIO pair, read from the decrypted side, and if both processed no data, try to write to the network side once more IGNORING the WANT_READ/WRITE flag because it was not set. That was a bit disconcerting. So, I wonder if the WANT_READ/WANT_WRITE flags are consistent when wrapping the decrypted side with SSL BIOs. I don't have to use them -- it just seemed like a good idea at the time. -----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of David Schwartz Sent: Friday, May 29, 2009 3:46 PM To: openssl-users@openssl.org Subject: RE: Non_Blocking Socket 'SSL_write' returns with SSL_ERROR_WANT_READ. Wait in 'select' for data. But Other end too wait for read ! i.e. Both ends waiting for data. -> DEAD LOCKED You have four ports that you should not think of as related. They are only temporarily related with a function returns a WANT_READ/WANT_WRITE indication. And, again, that relationship is only valid so long as no port makes any forward progress. DS @openssl.org
