Re: int return values from ssl(3) API functions

Fri, 27 Apr 2001 05:28:53 -0700 

On Fri, Apr 20, 2001 at 11:29:51AM -0400, Tom Biggs wrote:

> I'm implementing code to do OpenSSL handshake/read/write
> for some radically different hardware.  These will completely
> replace the standard OpenSSL handshake state machine
> and most of the API functions at the SSL_METHOD level.
> 
> I am used to I/O return codes where
>   ( > 0 ) means success
>   ( == 0 ) means I/O block but otherwise no problem
>   ( < 0 ) means error
> 
> So far, I've implemented all my routines to work that way.

Usually 0 means EOF.  'I/O block' is a return value of -1 with errno
set to EAGAIN or EWOULDBLOCK, these days (O_NONBLOCK semantics).
You'd see 0 in these situations only if you use O_NDELAY, but you
should not do this: The O_NDELAY semantics make it impossible to tell
the difference between EOF (connection closed) and a EWOULDBLOCK
situation (connection open, but no data available) for read requests.

(While often both O_NDELAY and O_NONBLOCK are available, luckily only
the latter is standardized.)


> According to the manpages for the ssl(3) API functions,
> OpenSSL works a bit differently
>   ( > 0 ) means success
>   ( == 0 ) means error
>   ( < 0 ) means error
> 
> In both cases the manpage advises calling SSL_get_error()
> to find the reason.

When SSL_read() etc. return 0 this means that EOF was encountered.
To find out if this is an error, you have to call SSL_get_error();
it might be a legitimate closure.

When SSL_read() etc. return -1, this is not necessarily an error;
it might be an EWOULDBLOCK situation.  Again you'll have to
call SSL_get_error() to check.

You don't have to look at SSL_{connect,accept,read,peek,write} return
values in your program; just pass them over to SSL_get_error().
For positive return values, SSL_get_error() will always return
SSL_ERROR_NONE; but for 0 or -1, there's usually not much the
application can find out by itself.


-- 
Bodo Möller <[EMAIL PROTECTED]>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to