The tls_init(3) man page states:
The tls_close(), tls_read() and tls_write() functions, along with the
tls_accept() and tls_connect() function families, have two special return
values:
TLS_READ_AGAIN A read operation is necessary to continue.
TLS_WRITE_AGAIN A write operation is necessary to continue.
The caller should call the appropriate function or, in the case of the
tls_close() and the tls_accept() and tls_connect() function families,
repeat the call.
I find the reference to "appropriate function" unclear. Perhaps there is
some deeper meaning that I'm missing, but since in each case the required
action is to repeat the call it is clearer to state that directly.
I've also included a note about the non-blocking case.
Index: tls_init.3
===================================================================
RCS file: /cvs/src/lib/libtls/tls_init.3,v
retrieving revision 1.23
diff -u -p -r1.23 tls_init.3
--- tls_init.3 3 Apr 2015 22:33:43 -0000 1.23
+++ tls_init.3 18 Apr 2015 07:38:38 -0000
@@ -424,13 +424,14 @@ A read operation is necessary to continu
A write operation is necessary to continue.
.El
.Pp
-The caller should call the appropriate function or, in the case of the
-.Fn tls_close
-and the
-.Fn tls_accept
-and
-.Fn tls_connect
-function families, repeat the call.
+In response to these return values the original call must be repeated
+with the same arguments.
+If the underlying socket is non-blocking the caller should first
+confirm that the socket is ready to support the required operation,
+such as by using
+.Xr poll 2
+or
+.Xr select 2 .
.Sh ERRORS
The
.Fn tls_error
