Alain Damiral wrote:
I'm wondering if it would not be highly appropriate to have an
'SSL_select' call defined by OpenSSL to have all operations on sockets
fully encapsulated and allow to reach the desired behaviour without
short-circuiting the layer approach... (it would provide similar
behaviour as classical select on plain sockets with regard to
application data).
Now I apologize if this thought is trivially appropriate or trivially
inappropriate - I missed the beginning of this thread to be honest.
Nice idea, but...
It doesn't play well with existing programs. In the application we need
one point of control (the select() in the main event loop) where the
program can wait to do more work or timeout.
The only way to work a SSL_select() is either:
* Make SSL_select() aware of all the other fd's in an application so
it can watch them all for you. This means you hand over your select()
model to OpenSSL, I'd say this is unnecessary and not OpenSSL's job.
* Use the timeout value of the applications select() and poll. But
what do you set the timeout too ? Results in unusable delays in data
processing and extra CPU usage having to poll when no events occur, a
problem if you have 100 processes doing that loop.
Neither approach would be as simple solution a solution than a
transparent-blocking mode.
Looking at the OpenSSL code maybe I can prepare a patch to provide that
as a new option (based on how I explained the implementation would work
in another thread), which can then be activated through a new option.
Before it seeks approval for use by default and the current
spongey-blocking mode dropped (or retained via an option in reverse).
This is all possible and presumes the current non-blocking mode state
machine inside OpenSSL is flawless by design, but as I say if this
exposes non-blocking bugs they should be fixed too.
I think the bulk patch will be less than 60 lines of code changes.
I am currently looking at the code to fix the SSL_accept() in
non-blocking as thats not consistant either.
Darryl
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]