> > Yes, I think I understand what you are saying. If I get a WANT_READ
> > from a call to SSL_write, that means I need to read some data before I
> > can send.
>
> Not quite, it means the OpenSSL engine must read some data (from the
> socket) before you can perform the 'write' logical operation on the
> connection state machine.
>
> > But like you said, there may not be any data to read since the other
> > end may not have sent anything.
>
> There may not be any application data, but there should be data sent
> over the SSL connection.

Protocol data? Like an ack for some previous data sent?

> > But I think my problem was that I was thinking in terms of application
> > data. What I failed to realize was that there may not be any
> > application data to read, but if the other end is a valid ssl client,
> > there should have been some ssl protocol data that was sent, that my
> > end needs to read before my call to SSL_write will succeed. Does that
> > sound right?
>
> If by "your end", you mean your end of the SSL connection, yes. If by
> "your end", you mean the application, no. The purpose of the SSL_read
> function is to read application data from the SSL connection state
> machine. You should call it if and only if that is what you want to do.

Since I'm using socket BIO, I am letting SSL_read/SSL_write handle all my
socket I/O. So I am not explicitly reading from the socket and feeding it
to OpenSSL (I just call SSL_read). So when I say "your end", I mean the
other end of the socket.

> > And since an SSL_read may write as well as read, and SSL_write may
> > read as well as write, then either of these calls would read the
> > required protocol data such that a retry of the call that resulted in
> > the error should now succeed.
>
> There you go. Since you're using socket BIOs, the state machine will
> access the socket when it needs to, so you just need to retry the
> operation later.
> If you want, you can use 'select' to tell when it's enough later.
>
> > So even though my call to SSL_write resulted in the WANT_READ error, if
> > my read thread happened to do an SSL_read first, it still would have
> > read the protocol data, and my retry of SSL_write should succeed. Am I
> > right? Close? Way off?
>
> If either an SSL_write or an SSL_read results in a WANT_READ error, it
> means that neither call can progress until some data is read from the
> socket. You can retry the operation later, try another operation, or
> whatever you want to do. You can take the hint that 'select'ing on the
> socket for readability will likely tell you when the operation is going
> to succeed.

I do select on the socket. Basically, I have a thread pool that I use for
I/O. Writes are synchronous, so I expect to finish writing all the data
before I exit my write function. But since I don't want to tie up a thread
blocking on the read waiting for data to arrive (since I have no idea when
data will arrive), I add it to a list of sockets that I am select'ing on.

Since my write is synchronous, and if I get a WANT_READ error, then that
means I need to read some ssl data before I can continue. So I will select
on the socket until data arrives. I'm assuming that the data WILL arrive.
There is no chance that I could be blocked here indefinitely, is there? I'm
assuming that the data is some SSL protocol data that SHOULD have been sent
by the other end of the connection (assuming it is a valid SSL client).

Now, I also have a read thread that was select'ing on the socket waiting
for data to arrive. So either of these 2 threads may read data. Both
threads are select'ing on the socket. So if the read thread wakes up first
and acquires the lock, then it will do an SSL_read before the write thread
wakes up and retries an SSL_write (which was the operation that caused the
WANT_READ error in the first place).

So my question is, is this ok? If it was an SSL_write that caused the
WANT_READ error, do I HAVE to retry the SSL_write before I can do an
SSL_read? The SSL_read should read whatever data the ssl state machine was
expecting, and the next try of SSL_write should then succeed, right?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List
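
The select-and-retry pattern discussed in this message, as an added example that is not part of the original post or of OpenSSL. The names `io_status`, `run_until_done` and `demo_op` are hypothetical, and `demo_op` is a constructed stand-in for the TLS engine so the loop runs without the library; a real op would call SSL_write or SSL_read under the connection lock and map SSL_get_error onto these codes.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical codes: a real op calls SSL_write()/SSL_read() under the lock and
 * maps SSL_get_error(): SSL_ERROR_WANT_READ -> IO_WANT_READ, and so on. */
enum io_status { IO_DONE, IO_WANT_READ, IO_WANT_WRITE, IO_FAIL, IO_TIMEOUT };
typedef enum io_status (*io_op)(void *ctx);

/* Retry op until it completes. Each wait is capped at slice_ms and the op is
 * retried even when select() times out, because another thread may already
 * have consumed the bytes this thread was waiting for. */
enum io_status run_until_done(int fd, io_op op, void *ctx, int slice_ms, int max_tries) {
    for (int i = 0; i < max_tries; i++) {
        enum io_status st = op(ctx);
        if (st != IO_WANT_READ && st != IO_WANT_WRITE)
            return st;
        fd_set set;
        struct timeval tv = { slice_ms / 1000, (slice_ms % 1000) * 1000 };
        FD_ZERO(&set);
        FD_SET(fd, &set);
        int r = (st == IO_WANT_READ) ? select(fd + 1, &set, NULL, NULL, &tv)
                                     : select(fd + 1, NULL, &set, NULL, &tv);
        if (r < 0 && errno != EINTR)
            return IO_FAIL;
    }
    return IO_TIMEOUT; /* bounded: never more than max_tries * slice_ms */
}

/* Constructed stand-in for the TLS engine: cannot progress until one byte
 * from the peer can be read from the socket. */
struct demo { int fd; int calls; };
enum io_status demo_op(void *ctx) {
    struct demo *d = ctx;
    char b;
    d->calls++;
    ssize_t n = recv(d->fd, &b, 1, MSG_DONTWAIT);
    if (n == 1) return IO_DONE;
    return (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) ? IO_WANT_READ : IO_FAIL;
}

int main(void) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 1;
    struct demo d = { sv[0], 0 };
    printf("no peer data: %d\n", run_until_done(sv[0], demo_op, &d, 10, 3));
    if (write(sv[1], "x", 1) != 1) return 1;
    printf("peer data sent: %d\n", run_until_done(sv[0], demo_op, &d, 10, 3));
    return 0;
}
```

The try budget is what keeps a silent peer from holding a pool thread forever: the caller gets IO_TIMEOUT back and can decide to close the connection.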
