The problem is the NsOpenSSLSend() function in ssl.c, in nsopenssl-2.0.
BIO_write is returning a "resource not available, try again" error, but
NsOpenSSLSend is not checking for that, and so behaves as though it were
a non-recoverable error, aborting the write instead of trying again.

A simple loop over the SSL_write() fixes this.  Ironically, there is
commented-out code at the bottom of the function which would handle
retries.  However, the comment reads "this BIO_write loop doesn't work,
but seems like it should".  So it looks like Scott did consider this
possibility, but it kind of slipped through the cracks in the final
release.  Indeed, NsOpenSSLRecv() does loop and handle retries.

Anyway, I simply changed the SSL_write to operate in a loop, as follows:

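do {
   /* On a retry SSL_write must be called again with the same arguments. */
   rc = SSL_write(ccPtr->ssl, buffer, towrite);
   if (rc > 0) {
      towrite -= rc;   /* rc <= 0 means error or retry, not bytes written */
   }
} while ( BIO_should_retry(ccPtr->ssl->wbio) &&
             BIO_should_write(ccPtr->ssl->wbio) );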

Does anyone know whether it's better to use SSL_write or BIO_write in
this case?

Rob
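
An added example, not part of the original post or of nsopenssl: a retry loop of the kind described above, written against a constructed stand-in for SSL_write() so that it runs without OpenSSL (the write_fn callback, mock_write and the scripted return values are assumptions). It counts only positive return values and bounds consecutive retries, so a peer that never drains its socket cannot keep the loop spinning.

```c
#include <string.h>

/* Constructed stand-in for SSL_write(): returns bytes written, or -1 with
 * *retry = 1 for "try again" and *retry = 0 for a fatal error. */
typedef int (*write_fn)(void *ctx, const char *buf, int len, int *retry);

/* Hypothetical scripted transport: -1 = would block, -2 = fatal, n = accept n bytes. */
struct mock { const int *script; int n, pos; char out[64]; int outlen; };

static int mock_write(void *ctx, const char *buf, int len, int *retry) {
    struct mock *m = ctx;
    int r = (m->pos < m->n) ? m->script[m->pos++] : len;
    *retry = (r == -1);
    if (r < 0) return -1;
    if (r > len) r = len;
    memcpy(m->out + m->outlen, buf, (size_t)r);
    m->outlen += r;
    return r;
}

/* Send all of buf. Returns len on success, -1 on a fatal error or after
 * more than max_stalls consecutive would-block results. */
int send_all(write_fn w, void *ctx, const char *buf, int len, int max_stalls) {
    int sent = 0, stalls = 0;
    while (sent < len) {
        int retry = 0;
        int rc = w(ctx, buf + sent, len - sent, &retry);
        if (rc > 0) { sent += rc; stalls = 0; continue; }  /* only count real progress */
        if (!retry || ++stalls > max_stalls) return -1;     /* fatal, or peer not draining */
        /* A real driver would wait for the socket to become writable here. */
    }
    return sent;
}

static const char MSG[] = "hello, world";                 /* constructed sample payload */
const int SCRIPT_RETRY[] = { -1, 3, -1, -1, 100 };         /* stalls around a partial write */
const int SCRIPT_FATAL[] = { 4, -2 };                      /* partial write, then hard error */
const int SCRIPT_STALL[] = { -1, -1, -1, -1 };             /* four would-block results in a row */

/* Runs one script; returns send_all's result, or -2 if the bytes delivered
 * do not match the payload prefix. */
int demo(const int *script, int n, int max_stalls) {
    struct mock m = { script, n, 0, {0}, 0 };
    int len = (int)strlen(MSG);
    int rc = send_all(mock_write, &m, MSG, len, max_stalls);
    if (memcmp(m.out, MSG, (size_t)m.outlen) != 0) return -2;
    return rc;
}
```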
