On Thu, 2002-07-18 at 13:04, Bodo Moeller via RT wrote:

> SSL_read() and SSL_write() are not really meant to be called with zero
> length.  The return value cannot be larger than zero when this is
> done, so SSL_get_error() will interpret the return value as an error
> indication.

Then the documentation should say this in large friendly letters :)

> We could change SSL_read() and SSL_write() to return an actual error
> when they are called with length 0, but this might break programs that
> do such calls but don't rely on SSL_get_error() for them.  I suppose
> it should be possible to change the implementations behind SSL_read()
> and SSL_write() (i.e. ssl3_read() etc.) to use an extra flag for the
> special case of zero length parameters so that SSL_get_error() will
> indicate success unless there really was some kind of error, but I'm
> not convinced this is worth the effort -- why call the functions with
> length 0 anyway?

Why? Perhaps because of mistakes in the coding. Perhaps because the
author didn't think it was invalid and didn't want to add to the
complexity of his code with Yet Another if. This bug bit us because the
protocol framework we are using did exactly this and it took us a long
time tracking it down.

Note that it's perfectly valid to call write(2) with an empty string and
that a zero return doesn't mean the connection was closed.


A warning in the man pages for SSL_write (and probably SSL_read too)
would be a good start for this.


Regards,
Martin

-- 
Martin Sjögren
  [EMAIL PROTECTED]              ICQ : 41245059
  Phone: +46 (0)31 7710870       Cell: +46 (0)739 169191
  GPG key: http://www.strakt.com/~martin/gpg.html

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
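
The failure mode discussed in this thread, as an added example (not part of the original message and not OpenSSL code): a caller-side guard that never forwards a zero-length buffer to the TLS write. The names `tls_write_fn`, `naive_send`, `send_all` and `fake_tls_write` are hypothetical, and the stub is constructed to return 0 for a zero-length call, as the quoted text describes for SSL_write().

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical callback with the shape of a TLS write: >0 bytes written, <=0 failure. */
typedef int (*tls_write_fn)(void *conn, const void *buf, int num);
enum { SEND_OK = 0, SEND_FAILED = -1 };

/* Naive caller: forwards any length and treats <=0 as an error. */
static int naive_send(tls_write_fn wr, void *conn, const void *buf, size_t len) {
    return wr(conn, buf, (int)len) > 0 ? SEND_OK : SEND_FAILED;
}

/* Guarded caller: an empty buffer is a successful no-op and never reaches TLS. */
static int send_all(tls_write_fn wr, void *conn, const void *buf, size_t len, size_t *sent) {
    const unsigned char *p = buf;
    *sent = 0;
    while (*sent < len) {               /* loop body is skipped when len == 0 */
        size_t left = len - *sent;
        int n = wr(conn, p + *sent, left > INT_MAX ? INT_MAX : (int)left);
        if (n <= 0)
            return SEND_FAILED;         /* real code would ask SSL_get_error() here */
        *sent += (size_t)n;
    }
    return SEND_OK;
}

/* Constructed stub, not OpenSSL: returns 0 for num == 0, writes at most 5 bytes. */
struct fake_conn { int calls; size_t total; };
static int fake_tls_write(void *conn, const void *buf, int num) {
    struct fake_conn *c = conn;
    (void)buf;
    c->calls++;
    if (num <= 0) return 0;
    if (num > 5) num = 5;
    c->total += (size_t)num;
    return num;
}

int main(void) {
    struct fake_conn c = {0, 0};
    size_t sent;
    printf("naive, empty buffer:   %d\n", naive_send(fake_tls_write, &c, "", 0));
    printf("guarded, empty buffer: %d\n", send_all(fake_tls_write, &c, "", 0, &sent));
    return 0;
}
```

With a real connection, the callback would be a thin adapter around SSL_write() for the application's own connection object.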
