> AGAIN... since I'm not using SSL_MODE_ENABLE_PARTIAL_WRITE, > I would expect no part of the buffer I provide to be used in a write > failure situation and therefore there should be no concept of a write > buffer moving... the next write is a new and unrelated write. > To clarify, I would expect that the write would return that it either: > > a) sent everything (len), or > b) sent nothing (zero or error) > > Either way, I would expect that the next call to write would be completely > independent from the previous. It's not clear to me why you cannot see > this perspective. I suppose you're thinking the same thing about my > position. If it just doesn't work that way, I certainly don't know what > SSL_MODE_ENABLE_PARTIAL_WRITE is for then.
Please, just answer me this one question: You call SSL_write and pass it D bytes of data. It encrypts those bytes and packages them as a record. The record is A bytes of header, D bytes of data, followed by C bytes of checksum. When SSL calls 'write' to write A+D+C bytes to the socket, it gets A+D back. The socket would block if it tries to send the checksum, but the header and encrypted data have been sent. Of course, the other end will not consider any data received until it gets the checksum. First, do you think OpenSSL can avoid this somehow? There is no "send all or none" function in TCP. What return value makes sense with your model? If it says it sent everything, you will not call into SSL again unless you have something to write or expect to read something. If neither is the case, when will OpenSSL get the chance to send those C bytes left over? If it says it sent nothing, you will think you are totally free to send some other data and that data will never arrive at the other end. How is OpenSSL supposed to make that happen? Again, what you are trying to do is simply not sane. You must have a logically consistent send buffer in order for OpenSSL to produce a logically consistent output stream. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]