John Gardiner Myers via RT wrote: >> However my point of view is: >> >> Actually there is. It is important for OpenSSL to convey back to the >> application when it has successfully carried out all the following tasks: >> * to encode SSL control packet (with the way OpenSSL is imlemented >> this actually means to have flushed all outstanding application payload >> data down) >> * to enqueue SSL control packet >> * to push SSL control packet into BIO / kernel layers >> In reference to the data that makes up the SSL control packet indicating >> end-of-encrypted-stream. Any one of these operations might fail due to >> network conditions. >> >> Knowing this state has occurred is important if you want to call TCP >> shutdown(fd, SHUT_WR) on the underlying socket. Which is a TCP level >> end-of-write-stream indicator. > > The current documentation does not permit the caller to infer that it is > safe to do a TCP shutdown(SHUT_WR) from a 0 return value. Neither does > the implementation--it will return a 0 before the output BIO has been > completely flushed.
You are correct on the documentation, the only issue there is that it has not been updated since it took some years to get the patch to support -1/WANT_WRITE and -1/WANT_READ into the main tree. But non the less the documentation can be updated to explain this subtle point. With regards to the "Neither does the implementation" - Show me your test case proving this claim as I have a testcase that proves it has worked in at least the usage case tested in the matter I described. If you search this mailing list you should find a version of it posted in the past. If you are found to be correct then this would be a bug from my point-of-view in that it should be maintaining a -1/WANT_WRITE soft-error state everytime SSL_shutdown() is called while the BIO can not be successfully flushed (due to IO blockage on the write side). As for your other comments I have not responded as the most important thing you can do now is prove your claim so the bug can be understood and fixed. Thanks Darryl ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
