> David, no it's not that simple.
>
> > 1) You specifically did not tell OpenSSL to accept a moving write buffer.
>
> Correct, I did not tell OpenSSL to accept a moving write
> buffer... but then
> again, why would I?

Because your write buffer moves.

> If I haven't set SSL_MODE_ENABLE_PARTIAL_WRITE, then
> why should the stack care if the buffer moved during the next call?

Because you specifically asked it to care.

> Also,
> the documentation on SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER specifically says
> "(the buffer contents must stay the same)", which as I described it does
> not.

This setting *loosens* restrictions, it does not tighten them.

> > 2) You are wondering why OpenSSL is not accepting a moving write buffer.

> The buffer is more than moving; it's also a different size and with
> different content.  If I'm reading the code correctly, in
> s3_pkt.c:ssl3_write_pending:

The buffer is moving. You asked OpenSSL not to accept a moving write buffer.
That's probably the first thing you would want to fix.

>       if ((s->s3->wpend_tot > (int)len)
>               || ((s->s3->wpend_buf != buf) &&
>                       !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))
>               || (s->s3->wpend_type != type))
>               {
>               SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
>               return(-1);
>               }
>
> there's more to this "if" than SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER... i.e.
> the check against the length alone could cause this error.  So yes, I am
> wondering why OpenSSL is not accepting this buffer.
>
> For grins, I tested with setting
> SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER, and as
> I expected, it still fails.  If I'm missing something even more basic,
> please explain.  Thanks, Mark.

Comments like, "I tried that and it still fails" are just not helpful. Does
it fail precisely the same way? Have you been able to figure out which
clause in the 'if' causes the failure?

But I think what you are trying to do is just not sane. You need a
definitive send queue to flush to OpenSSL. (Not that it has to be insane.
One could imagine an SSL library that supported this. OpenSSL just doesn't,
largely for historic reasons.)

DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [EMAIL PROTECTED]
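
Added example (not part of the original message, and not OpenSSL code): a stand-alone C model of the three clauses in the quoted `ssl3_write_pending` check, together with a fixed-storage send queue that keeps a retry's pointer and length unchanged while more data is queued. The struct names, `retry_clause`, the `sq_*` helpers, the `MOVING_OK` stand-in and the 256-byte capacity are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define MOVING_OK 0x2u  /* stand-in for SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER */

/* Models the fields the quoted check reads (wpend_tot, wpend_buf,
 * wpend_type, mode). Hypothetical struct, not OpenSSL's. */
struct pending { int tot; const void *buf; int type; unsigned mode; };

/* 0 = retry accepted; 1..3 = which clause of the quoted `if` rejects it. */
int retry_clause(const struct pending *p, const void *buf, int len, int type)
{
    if (p->tot > len) return 1;                             /* length shrank */
    if (p->buf != buf && !(p->mode & MOVING_OK)) return 2;  /* buffer moved  */
    if (p->type != type) return 3;                          /* type changed  */
    return 0;
}

/* Send queue with fixed storage, so queued bytes never move. While a write
 * is in flight, its (pointer, length) pair is pinned. */
struct sendq { char data[256]; size_t head, tail, inflight; };

int sq_append(struct sendq *q, const void *src, size_t n)
{
    if (n > sizeof q->data - q->tail) return -1;  /* full: caller must wait */
    memcpy(q->data + q->tail, src, n);
    q->tail += n;
    return 0;
}

/* Arguments for the next write call. During a retry this returns exactly
 * the pair handed out before, even if more data was appended meanwhile. */
const char *sq_next(struct sendq *q, int *len)
{
    if (q->inflight == 0) q->inflight = q->tail - q->head;
    *len = (int)q->inflight;
    return q->data + q->head;
}

/* Call once the in-flight write has completed. */
void sq_done(struct sendq *q)
{
    q->head += q->inflight;
    q->inflight = 0;
    if (q->head == q->tail) q->head = q->tail = 0;  /* empty: reuse storage */
}
```

Feeding the arguments of a failing retry to `retry_clause` answers the "which clause" question directly: with the moving-buffer flag set, a retry that passes a shorter length is still rejected by clause 1.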