John Gardiner Myers via RT wrote:
However my point of view is: Actually there is. It is important for OpenSSL to convey back to the application when it has successfully carried out all the following tasks:

* to encode SSL control packet (with the way OpenSSL is implemented this actually means to have flushed all outstanding application payload data down)
* to enqueue SSL control packet
* to push SSL control packet into BIO / kernel layers

In reference to the data that makes up the SSL control packet indicating end-of-encrypted-stream. Any one of these operations might fail due to network conditions. Knowing this state has occurred is important if you want to call TCP shutdown(fd, SHUT_WR) on the underlying socket. Which is a TCP level end-of-write-stream indicator.

The current documentation does not permit the caller to infer that it is safe to do a TCP shutdown(SHUT_WR) from a 0 return value. Neither does the implementation--it will return a 0 before the output BIO has been completely flushed.
You are correct on the documentation, the only issue there is that it has not been updated since it took some years to get the patch to support -1/WANT_WRITE and -1/WANT_READ into the main tree. But nonetheless the documentation can be updated to explain this subtle point.
With regards to the "Neither does the implementation" - Show me your test case proving this claim as I have a test case that proves it has worked in at least the usage case tested in the matter I described. If you search this mailing list you should find a version of it posted in the past.
If you are found to be correct then this would be a bug from my point-of-view in that it should be maintaining a -1/WANT_WRITE soft-error state every time SSL_shutdown() is called while the BIO cannot be successfully flushed (due to IO blockage on the write side).
As for your other comments I have not responded as the most important thing you can do now is prove your claim so the bug can be understood and fixed.
Thanks
Darryl
