> int SSL_poll(struct pollfd *fds, nfds_t nfds, int timeout,
>              struct SSL_pollctx *sctx, nfds_t nsctx);

I like this approach a lot. Could someone with great familiarity with OpenSSL's guts give the five-minute explanation of what's involved in making this happen? I can start with what I know, and maybe that will save someone some time (they may just have to explain where I'm wrong). ;)

First, SSL_poll has to check if any of the SSL contexts can make forward progress immediately based just on what OpenSSL knows internally. For read, this means any decrypted data bytes are buffered. For write, this means that no negotiation data needs to be read first.

While this is taking place, OpenSSL can build its own 'struct pollfd'. It should probably put the user's fds first to make post-processing simpler. But then it should add any fds it discovers need to be blocked on to permit forward progress on the SSL connections.

If any connections can make forward progress immediately, it should free the 'poll' structure it was building and return immediately. (Note: There should perhaps be some return value that means 'check only the SSL structures'.)

If not, OpenSSL should call SSL_poll with the newly-built set. If there's a timeout, OpenSSL should return immediately. If any sockets are discovered, OpenSSL should try to account for all of them, looking at just the sockets it added (the end of the set). If OpenSSL can account for all the connections, it just updates the SSL poll context and is done. If not, it has to copy the user's poll data and return.

Perhaps the SSL poll context should have a field for the number of SSL connections discovered and should return only the number of non-SSL connections discovered. This preserves the semantic simplicity (the return value has the same meaning to existing non-SSL-aware 'poll' code).

Am I missing anything? Is there any reason this is particularly difficult?

We don't want to have to call SSL_read/SSL_write and get a block indication or attempted socket I/O on every connection. We only want to check what we know on our own status with no system calls prior to calling 'poll'. Is there any reason that's overly difficult?

DS

PS: Apologies for any odd formatting. This isn't my usual mail program.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
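
The sequence this message walks through, as an added C sketch that is not part of the original post and is not OpenSSL code: `sketch_poll` and `struct sketch_conn` are hypothetical names, and the library's internal per-connection state is modelled by plain fields. It assumes that only buffered decrypted data counts as immediately ready, and that a pending write still waits on the socket (for readability when negotiation data must be read first).

```c
#include <poll.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical stand-in for the per-connection state a TLS library holds. */
struct sketch_conn {
    int    fd;         /* underlying socket */
    size_t buffered;   /* decrypted bytes already buffered for the caller */
    int    want_read;  /* negotiation data must be read before writing */
    short  events;     /* caller's interest: POLLIN and/or POLLOUT */
    short  revents;    /* result: what the caller can attempt now */
};
/* Returns ready non-TLS fds as poll() does; *conn_ready counts ready TLS ones. */
int sketch_poll(struct pollfd *fds, nfds_t nfds, int timeout,
                struct sketch_conn *c, nfds_t nc, int *conn_ready)
{
    nfds_t i;
    int user_ready = 0;
    *conn_ready = 0;
    /* Pass 1: internal state only, no system calls. */
    for (i = 0; i < nc; i++) {
        c[i].revents = ((c[i].events & POLLIN) && c[i].buffered) ? POLLIN : 0;
        *conn_ready += c[i].revents != 0;
    }
    for (i = 0; i < nfds; i++) fds[i].revents = 0;
    if (*conn_ready) return 0;   /* "check only the TLS structures" */
    /* Pass 2: caller's fds first, the library's own fds appended at the end. */
    struct pollfd *all = calloc(nfds + nc + 1, sizeof *all);
    if (!all) return -1;
    for (i = 0; i < nfds; i++) all[i] = fds[i];
    for (i = 0; i < nc; i++) {
        struct pollfd *p = &all[nfds + i];
        p->fd = c[i].fd;
        if (c[i].events & POLLIN)  p->events |= POLLIN;
        if (c[i].events & POLLOUT) p->events |= c[i].want_read ? POLLIN : POLLOUT;
    }
    if (poll(all, nfds + nc, timeout) < 0) { free(all); return -1; }
    /* Pass 3: account for the appended entries, then copy the caller's back. */
    for (i = 0; i < nc; i++) {
        short r = all[nfds + i].revents;
        short unblock_w = c[i].want_read ? POLLIN : POLLOUT;
        if ((c[i].events & POLLIN) && (r & POLLIN))     c[i].revents |= POLLIN;
        if ((c[i].events & POLLOUT) && (r & unblock_w)) c[i].revents |= POLLOUT;
        *conn_ready += c[i].revents != 0;
    }
    for (i = 0; i < nfds; i++) user_ready += (fds[i].revents = all[i].revents) != 0;
    free(all);
    return user_ready;
}
```

A readable socket only means ciphertext has arrived, so a `POLLIN` result from pass 3 tells the caller to retry its read or write, not that a full record is available.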
