On Fri, May 08, 2020 at 01:27:00PM +0300, Dmitry Belyavsky wrote: > On Fri, May 8, 2020 at 1:10 PM Kurt Roeckx <k...@roeckx.be> wrote: > > > > So I think the suggestion is to have this: > > - By default, SSL_ERROR_SSL is returned with > > SSL_R_UNEXPECTED_EOF_WHILE_READING, the session will be > > marked invalid. > > - With an option, SSL_ERROR_ZERO_RETURN is returned, the session > > will stay valid. > > > > If I remember correctly, session resumption is a way to significantly > reduce a server's workload. > So I think that by default (and maybe the only option) we should prefer the > old behaviour.
If it's a fatal error, the session should be marked as bad. So if you want that by default we don't mark is as bad, the default should be that it's a non-fatal error, and we don't want to return SSL_ERROR_ZERO_RETURN by default. SSL_ERROR_SYSCALL with errno 0 does not look like a good long term API to indicate a non-fatal error. And a different error is also not what people want. Kurt