> WRITING: > when BIO_write() returns me SSL_ERROR_WANT_READ, it`s because I > have in SSL buffer some data for reading (perhaps the message > from server) so I need to call the BIO_read function.
No, you call the BIO_read function when you want to read data from the BIO. When BIO_write returns 'SSL_ERROR_WANT_READ' that means that you cannot write to the BIO until the BIO is able to read something. One thing you could do is select on the socket for read and when you get a read hit, call BIO_write again. BIO_write is when you want to write to the BIO. It may read or write from a socket as the SSL protocol requires. However, you call it when you want to write to the BIO. If it needs to read from the socket, it will tell you, and you can retry the BIO_write whenever you want. > But > somewhere I read, that this error is thrown, when the > rehandshaking is making, so I need only wait a moment and then > try again. Is right the first case or second. This is true too. However, it is probably cleaner to 'select' for read. However, do not select for read if you call BIO_read after calling BIO_write. You can deadlock if you do this. Consider: 1) You call BIO_write, you get SSL_ERROR_WANT_READ because handshaking has not been read yet. 2) You (perhaps in another thread) call BIO_read, it reads the handshaking data. A BIO_write will now succeed. 3) Ooops, the first thread calls 'select' and is now waiting for data that has already been read. > I can have the SSL_ERROR_WANT_WRITE too. It means that the > buffer is full and I can`t write there the whole record. Is it > right to wait on select() and try it again when the select tells > me, the socket is ready to write? Yes. That applies even if you call BIO_read and got SSL_ERROR_WANT_WRITE -- you should select for write and call BIO_read when the select succeeds (or a BIO_write succeeds, because that could do the writing without you knowing). > READING: > SSL_ERROR_WANT_READ - its possible I have some data in network > buffer, but non in SSL buffer, so I must wait a while. Because > the SSL hasn`t whole record. > SSL_ERROR_WANT_WRITE - rehandshaking, only wait a moment and try it again This may be what's happening in specific cases, but the general meaning is this: SSL_ERROR_WANT_READ: The operation you tried cannot proceed until some data arrives on the socket. SSL_ERROR_WANT_WRITE: The operation you tried cannot proceed until some data can be written to the socket. > Are the actions I do after receive some of this errors corect, or > am I totaly misunderstud?? In either case, you should 'select' for the appropriate operation and retry whatever operation you were trying either when the 'select' indicates a hit or another BIO operation succeeds. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]