Hi there. My app gets a packet of SSL protocol data from the network, stuffs it into a BIO (BIO_s_mem()), and I then plan to call SSL_read to dump out the plain text data.
My first intuitive assumption is to loop on SSL_pending while running SSL_read. But then it seems, both from the man page and from practice, that this call is somewhat unreliable.

1: "SSL_pending() returns the number of bytes which are available inside ssl for immediate read."

2: "Data are received in blocks from the peer. Therefore data can be buffered inside ssl and are ready for immediate retrieval with SSL_read(3)."

3: "Up to OpenSSL 0.9.6, SSL_pending() does not check if the record type of pending data is application data."

I'm using OpenSSL 0.9.7a, and SSL_pending seems to randomly (probably not) report 0 or != 0, regardless of whether or not SSL_read gives me bytes. Note that all data available is what I have explicitly written to the BIO, so I would assume that if SSL_pending says 0 then SSL_read will fail. But that is not the case, so I'm stuck with figuring out when to terminate my loop.

Things _work_ when I terminate my loop on SSL_read returning -1 and SSL_ERROR_WANT_READ, which is something that I have assumed means there's a renegotiation taking place. But is this proper practice, or is there a better way to read all data from the ssl using SSL_read?

Any help appreciated,

Andy :-)

--
Andreas Aardal Hanssen
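The situation described in the message above (ciphertext written into a memory BIO, then SSL_read called in a loop), as an added example that is not part of the original post. It uses Python's ssl module, whose MemoryBIO, SSLObject.read(), SSLObject.pending() and SSLWantReadError correspond to BIO_s_mem(), SSL_read(), SSL_pending() and SSL_ERROR_WANT_READ; the anonymous-cipher setup, the helper names and the payloads are constructed for the demo.

```python
import ssl

def endpoint(server_side):
    # Demo-only setup (assumption): anonymous key exchange over TLS 1.2 so the
    # example needs no certificate files. Never use aNULL/SECLEVEL=0 for real.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER if server_side
                         else ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("aNULL:@SECLEVEL=0")
    rbio, wbio = ssl.MemoryBIO(), ssl.MemoryBIO()    # like BIO_s_mem()
    return ctx.wrap_bio(rbio, wbio, server_side=server_side), rbio, wbio

def connect():
    """Run the handshake by shuttling bytes between the two memory BIO pairs."""
    cli, srv = endpoint(False), endpoint(True)
    todo = [(cli, srv), (srv, cli)]
    while todo:
        for me, peer in list(todo):
            try:
                me[0].do_handshake()
                todo.remove((me, peer))
            except ssl.SSLWantReadError:     # needs the peer's next flight
                pass
            flight = me[2].read()
            if flight:
                peer[1].write(flight)
    return cli, srv

def drain(tls):
    """Read until WANT_READ, i.e. until the BIO holds no further full record."""
    chunks = []
    try:
        while data := tls.read(4096):        # b"" means peer sent close_notify
            chunks.append(data)
    except ssl.SSLWantReadError:             # SSL_ERROR_WANT_READ
        pass
    return b"".join(chunks)

def demo():
    cli, srv = connect()
    srv[0].write(b"A" * 10)                  # TLS record 1 (constructed payload)
    srv[0].write(b"B" * 10)                  # TLS record 2 (constructed payload)
    cli[1].write(srv[2].read())              # both arrive as one network "packet"
    before = cli[0].pending()                # nothing decrypted yet
    first = cli[0].read(4)                   # decrypts record 1, hands back 4 bytes
    after = cli[0].pending()                 # remainder of record 1 only
    return before, first, after, drain(cli[0])
```

pending() counts only the bytes left in the record that has already been decrypted, so it is 0 while undecoded records still sit in the BIO; the loop ends on WANT_READ or on a clean close.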