Darryl Miles wrote: > I do not believe the SSL_write() call is allowed to access the > underlying BIO/kernel-socket to read in more data. I think SSL_write() > is allowed to process any data already read into buffer (from kernel to > OpenSSL library internal buffer) in an attempt to unstall the situation > itself. But it can't invoke read() on the kernel for it.
If SSL_write has to read from the socket to make forward progress, there is absolutely no reason it shouldn't just do so. There is no reason it should compel the application to do it. My documentation says: [T]he return value of SSL_write() will yield SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. As at any time a re-negotiation is possible, a call to SSL_write() can also cause read operations! The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_write(). The action depends on the underlying BIO. When using a non-blocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. This suggests the exact opposite of what you said. One of these sources is right and the other is wrong, and it makes a huge difference which! My understanding, for many years, coincides with this documentation. However, I can't think of any specific case where this difference would have affected me, as my coding is extremely defensive and would tolerate either mechanism without a problem. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org