On Sat, Jun 10, 2006 at 03:54:18PM -0700, David Schwartz wrote:
> > I do not agree. SSL_read() should be corrected.
>
> If you call SSL_read, an application-level read function, with a blocking
> socket, you are asking it to block until it can read application-level data.
>
> The error is simple -- for an SSL connection, a read hit from 'select' does
> not guarantee that application-level data has been received, so it is an
> error to call an application-level blocking read function just because of
> this. The change you would suggest would break applications that use a
> blocking SSL_read correctly, as a way to block until application-level data
> has been read.
>
Is nobody in this thread familiar with the BIO interface?
bio(3)
BIO_new_bio_pair(3)
...
One typical use of BIO pairs is to place TLS/SSL I/O under
application control, this can be used when the application
wishes to use a non standard transport for TLS/SSL or the
normal socket routines are inap- propriate.
Calls to BIO_read() will read data from the buffer or request
a retry if no data is available.
Calls to BIO_write() will place data in the buffer or request
a retry if the buffer is full.
The standard calls BIO_ctrl_pending() and BIO_ctrl_wpending()
can be used to determine the amount of pending data in the
read or write buffer.
...
Both halves of a BIO pair should be freed. That is even if one
half is implicit freed due to a BIO_free_all() or SSL_free()
call the other half needs to be freed.
When used in bidirectional applications (such as TLS/SSL) care
should be taken to flush any data in the write buffer. This can be
done by calling BIO_pending() on the other half of the pair and,
if any data is pending, reading it and sending it to the underlying
transport. This must be done before any normal processing (such
as calling select() ) due to a request and BIO_should_read()
being true.
...
SSL_set_bio(3)
SSL_read(3)
If you create a bio_pair, and instruct SSL via SSL_set_bio to use the bio
pair, SSL_read never directly reads the network, if it wants more data
and the read BIO is empty it tells you, and if its write BIO is full,
it likewise tells you. It is up to the application to fill the and
drain the bios from/to the socket.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
