No, the call will not necessarily block until 10 bytes are read. Timeouts
have to be managed with the underlying transport, e.g. using the sockets
API; openssl does not provide an API for doing this.
To avoid truncation attacks, your application needs to know when it has
gotten all the data it should have. There are multiple ways of doing that,
including: looking for structure in the data that signals the end of data,
e.g. </HTML>; knowing exactly how many bytes you should get and reading that
many; reading data until the peer sends a close_notify alert.
_____________________________________
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_____________________________________
----- Original Message -----
From: "Patrick Li" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, February 21, 2001 8:43 PM
Subject: SSL_read
> Hi,
>
> I got a question about SSL_read. If the socket is blocking one and I
> specify SSL_read to read for 10 bytes. Will the call be blocked until
> exactly 10 bytes are read. Is there a way to set a timeout?
>
> Thanks
> patrick
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
