On Thu, Jun 22, 2006 at 10:41:14PM +0100, Darryl Miles wrote: > SSL_CTX_set_mode(3) > > SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER > Make it possible to retry SSL_write() with changed buffer > location (the buffer contents must stay the same). This is not the > default to avoid the mis- > conception that non-blocking SSL_write() behaves like > non-blocking write(). > > > > What is that all about ? My application makes no guarantee what the > exact address given to SSL_write() is, it only guarantees the first so > many bytes are my valid data. Why do I need to give it such guarantees ?
When using SSL_write() over a non-blocking transport channel, you may have to call SSL_write() multiple times until all your data has been transferred. In this case, the data buffer needs to stay constant between calls until SSL_write() finally returns a positive number since (unless you are using SSL_MODE_ENABLE_PARTIAL_WRITE) some of the calls to SSL_write() may read some of your data, and if the buffer changes, you might end up inadvertantly transferring incoherent data. To help detect such potential application bugs, OpenSSL includes a simple sanity check -- if SSL_write() is called again but the data buffer *location* has changed, OpenSSL suspects that this is a mistake and returns an error. But sometimes, you might want to change the buffer location for some reason, e.g. since the SSL_write() data buffer is just a window in a larger buffer handled by the application. To tell OpenSSL that such an address change is intentional in your application, and that the application will make sure that any buffer contents will be preserved until SSL_write() reports success, you can set the SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag. This will not change OpenSSL's operation in any way except disabling the sanity check, since settings this flag indicates that your application does not require this check. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]