> Thanks for your response David, Rodney.
>
> I understand (clearer now) the requirement that:
>
> * If SSL_read reports WANT_WRITE; we need to issue an immediate SSL_write
>   However; what do I actually write? Do I write a blank/empty string
>   (SSL_write(ssl, "", 0)?) - I may not have anything to write.
>   Please confirm?

No. WANT_WRITE means that SSL_read cannot make further progress until some
data can be written to the socket. SSL_write is for encrypting plaintext.

> * If SSL_read reports WANT_READ; re-try the read, before issuing an
>   SSL_write before the retry of the read. Please confirm?

If SSL_read reports WANT_READ, it means it cannot make further progress
until some data is read from the socket.

> * If SSL_write reports WANT_WRITE; re-try the write immediately, without
>   issuing an SSL_read before the retry of the write. Please confirm?

Huh?

> * If SSL_write reports WANT_READ; issue an SSL_read on the socket before
>   issuing an SSL_write. Once the READ has been done, re-do the SSL_write.
>   Please confirm?

It sounds like you are all mixed up.

1) Both SSL_read and SSL_write can both read and write to or from the
   socket.

2) A WANT_READ indication means further progress cannot be made until data
   can be read from the socket.

3) A WANT_WRITE indication means further progress cannot be made until data
   can be written to the socket.

> Additionally; the logic to selecting sockets for reading should be:
>
> * If the readfd of the socket is set (via select())
>   OR
> * The socket has reported WANT_READ from an operation
> Can you please provide your thoughts on the above logic?

You can call SSL_read on a non-blocking socket any time you want. It's
always safe, since it can never block. The deadlock scenario can only occur
when you refuse to call SSL_read until you find the socket in the read set
from select. So you must be careful under what circumstances you decide to
get into this state. So long as your last operation, SSL_read or SSL_write,
returned WANT_READ, there is no reason to retry that particular operation
until you find the socket in the read set.

> If I receive WANT_READ, during an SSL_write - what does it want me to
> actually do?

This means that SSL_write cannot accept any more data from you until it
reads some data from the socket.
It doesn't particularly care what you do about it. You can call SSL_write
again immediately. Maybe the data just arrived. You could add the socket to
the 'read' set and retry the SSL_write when you get a read hit.

You have one piece of information, no further data can be encrypted and
sent on this connection until some data is read from the socket. Note that
*any* call to SSL_read or SSL_write with *any* return value potentially
invalidates this knowledge (they can all read *this* data from the socket
and still fail). (Obviously, if SSL_write again returns WANT_READ, that
doesn't invalidate it.)

DS

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
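
The behaviour described in the reply above can be observed without a network. This is an added example, not part of the original message: it uses Python's `ssl` module (OpenSSL underneath, where `SSLWantReadError` is how WANT_READ surfaces) with memory BIOs standing in for the non-blocking socket; the helper names and the host name `peer.example` are constructed for the illustration.

```python
import ssl


def attempt(call, outgoing):
    """Run one SSL operation; return (result, bytes it queued for the socket)."""
    try:
        result = call()
    except ssl.SSLWantReadError:       # OpenSSL's SSL_ERROR_WANT_READ
        result = "WANT_READ"
    except ssl.SSLWantWriteError:      # OpenSSL's SSL_ERROR_WANT_WRITE
        result = "WANT_WRITE"
    # Draining the BIO plays the role of sending the bytes to the peer.
    return result, len(outgoing.read())


def demo():
    # `incoming` holds bytes received from the peer (none ever arrive here);
    # `outgoing` collects whatever the TLS layer wants put on the wire.
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Constructed name; nothing is resolved or connected.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="peer.example")

    steps = []
    # 1. A write before the handshake has run: the call itself emits handshake
    #    bytes, then cannot continue until the peer's answer can be read.
    steps.append(attempt(lambda: tls.write(b"hello"), outgoing))
    # 2. Retrying at once is harmless: same answer, nothing new to send.
    steps.append(attempt(lambda: tls.write(b"hello"), outgoing))
    # 3. A read is just as safe to call and is waiting on the same thing.
    steps.append(attempt(lambda: tls.read(1024), outgoing))
    return steps


if __name__ == "__main__":
    for result, queued in demo():
        print(result, queued)
```

In a real event loop the first result is the cue to flush the queued bytes and put the socket in the read set before retrying the same write.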
