If all that was sent was the protocol data that the write was
waiting for to satisfy the ssl state machine, and no application data was
sent, would SSL_read return the number of bytes actually read off the socket
(which is just protocol data), or would it read that transparently and
return 0 indicating that no application data was read?


Ah. Key question!

SSL_read will return a positive number indicating the number of APPLICATION DATA bytes written into your buffer.

A ZERO indicates a closed connection.

A negative result indicates an error (or rather, that your request could not be satisfied). In the case of a WANT_READ or WANT_WRITE, some action in the BIO needs to occur to satisfy the request.

The important thing to keep in mind is that the SSL objects are not inherently tied to sockets. You might be trying to read SSL-decrypted data from your own internal buffer, in which case a WANT_READ means that you need to move a few more bytes into the BIO's buffer.

Check out the man page for the SSL_get_error function yet once again. Skip down to the section titled "SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE" in the context of these discussions, keeping in mind the idea that an SSL object might not be necessarily connected to a socket.

(What really frustrated me when I was learning how this worked was that the examples and discussions in the O'Reilly OpenSSL book were wrong on this topic.)

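The three outcomes the reply describes (positive count of application bytes, zero for a closed connection, WANT_READ/WANT_WRITE meaning "service the BIO and call again"), shown as an added example that is not part of the original thread. It uses Python's ssl module over memory BIOs, which wraps the same SSL_read/SSL_get_error machinery and so exhibits the same behaviour without any socket: a read that only has protocol data to deal with (here, a pending handshake) reports WANT_READ rather than 0, and non-TLS bytes fed into the BIO produce a fatal error rather than either. The client context with verification disabled and the junk server bytes are assumptions made so the example runs offline with no certificate.

```python
"""Added example: classifying the result of a non-blocking TLS read over memory
BIOs, mirroring OpenSSL's SSL_read + SSL_get_error semantics described in the
reply above.  Not from the original thread.  Only the client side of the
handshake is driven, so no certificate or socket is needed."""
import ssl


def make_client():
    # Assumption: a verification-free client context so a handshake can be
    # started without any server certificate material on hand.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    incoming = ssl.MemoryBIO()   # bytes "from the peer" are written here
    outgoing = ssl.MemoryBIO()   # bytes the SSL object wants sent collect here
    obj = ctx.wrap_bio(incoming, outgoing, server_side=False)
    return obj, incoming, outgoing


def classified_read(obj, n=4096):
    """Read application data and report the outcome the way a C caller would
    after inspecting SSL_read's return value and SSL_get_error.
    Returns (status, payload)."""
    try:
        data = obj.read(n)
    except ssl.SSLWantReadError:
        # SSL_ERROR_WANT_READ: only protocol data was handled (or nothing
        # arrived); move more bytes into the incoming BIO and call again.
        return "want_read", b""
    except ssl.SSLWantWriteError:
        # SSL_ERROR_WANT_WRITE: drain the outgoing BIO to the peer first.
        return "want_write", b""
    except ssl.SSLZeroReturnError:
        # SSL_ERROR_ZERO_RETURN: peer sent close_notify, connection closed.
        return "closed", b""
    except ssl.SSLError:
        # SSL_ERROR_SSL: protocol violation; the connection is unusable.
        return "fatal", b""
    if not data:
        return "closed", b""        # the 0-return case
    return "app_data", data         # positive count of decrypted bytes


def demo():
    obj, incoming, outgoing = make_client()
    # Step 1: start the handshake.  Nothing has arrived from the peer, so the
    # SSL object queues its ClientHello (protocol data, not application data)
    # in the outgoing BIO and asks for input.
    try:
        obj.do_handshake()
    except ssl.SSLWantReadError:
        pass
    status1, _ = classified_read(obj)   # still waiting: not "closed"
    client_hello = outgoing.read()      # what a socket writer would send
    # Step 2: feed constructed bytes that are not TLS at all.  The record
    # layer rejects them: neither "closed" nor "want_read", but fatal.
    incoming.write(b"HTTP/1.1 400 Bad Request\r\n\r\n")
    status2, _ = classified_read(obj)
    return status1, client_hello, status2


if __name__ == "__main__":
    s1, hello, s2 = demo()
    # TLS record type 0x16 == handshake, i.e. the ClientHello record
    print(s1, hello[:5].hex(), s2)
```

The catch order matters: SSLWantReadError, SSLWantWriteError and SSLZeroReturnError are all subclasses of SSLError, so the generic "fatal" branch must come last, just as a C caller must switch on SSL_get_error before treating a negative SSL_read result as a dead connection.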