Re: [openssl-users] Graceful shutdown of TLS connection for blocking sockets

2017-10-08 Thread Kyle Hamilton
The way to handle this situation is simply to never enter SSL_read() if there isn't anything to read on the socket. select() or pselect() are your friends, here, because they'll tell you if there's data to read from the underlying file descriptor. I hope this helps!
-Kyle H
On Oct 5, 2017

Re: [openssl-users] Graceful shutdown of TLS connection for blocking sockets

2017-10-08 Thread Thomas J. Hruska
On 10/8/2017 4:17 AM, Kyle Hamilton wrote:
> The way to handle this situation is simply to never enter SSL_read() if there isn't anything to read on the socket. select() or pselect() are your friends, here, because they'll tell you if there's data to read from the underlying file descriptor. I

Re: [openssl-users] Graceful shutdown of TLS connection for blocking sockets

2017-10-08 Thread Michel
While I understand that using non-blocking descriptors is a better practice, I still do not see why select() should NEVER be used for blocking sockets (except when combined/interfered with the internal OpenSSL state machine or equivalent mechanism). Could you please elaborate or give an example?

Re: [openssl-users] Graceful shutdown of TLS connection for blocking sockets

2017-10-08 Thread Thomas J. Hruska
On 10/8/2017 7:28 AM, Michel wrote:
> While I understand that using non-blocking descriptors is a better practice, I still do not see why select() should NEVER be used for blocking sockets (except when combined/interfered with the internal OpenSSL state machine or equivalent mechanism). Could you

Re: [openssl-users] Graceful shutdown of TLS connection for blocking sockets

2017-10-08 Thread Michel
Hi Thomas,
I do not think that non-blocking code is hard to implement, but I am still not convinced there is not some kind of confusion here. Pardon me if I do not understand your reasoning well, but I just want to highlight that the SSL_read() contract is not to return TCP data, but SSL/TLS data

Re: [openssl-users] Graceful shutdown of TLS connection for blocking sockets

2017-10-08 Thread Kyle Hamilton
Important caveat: SSL_read() and SSL_write() don't directly return SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. Those values are returned by SSL_get_error(). I apologize for the misstatement.
-Kyle H
On Sun, Oct 8, 2017 at 5:58 PM, Kyle Hamilton wrote:
> Do you have a

Re: [openssl-users] Graceful shutdown of TLS connection for blocking sockets

2017-10-08 Thread Kyle Hamilton
Do you have a reference to what should be done instead? My understanding of what happens with blocking sockets is that SSL_read() will return SSL_ERROR_WANT_READ if it needs additional data read from a socket that doesn't have it available (and will return SSL_ERROR_WANT_WRITE if it needs to

Re: [openssl-users] Graceful shutdown of TLS connection for blocking sockets

2017-10-08 Thread Thomas J. Hruska
On 10/8/2017 5:58 PM, Kyle Hamilton wrote:
> Do you have a reference to what should be done instead? My understanding of what happens with blocking sockets is that SSL_read() will return SSL_ERROR_WANT_READ if it needs additional data read from a socket that doesn't have it available (and will