In short ssl is not the same as a raw socket fd because of the intervening protocol.
That's all....

Original Message
From: michel.sa...@free.fr
Sent: October 8, 2017 4:34 PM
To: openssl-users@openssl.org
Reply-to: openssl-users@openssl.org
Subject: Re: [openssl-users] Graceful shutdown of TLS connection for blocking sockets

Hi Thomas,

I do not think that non-blocking code is hard to implement, but I am still not convinced there is not some kind of confusion here.
Pardon me if I do not understand your reasoning well, but I just want to highlight that the SSL_read() contract is not to return TCP data, but SSL/TLS data (if some are available), which is more work.
As described in https://www.openssl.org/docs/man1.1.0/ssl/SSL_read.html, you may encounter cases where TCP data is available, but just contains TLS records with no useful application data.
Can this be what you experienced, or did I miss your point?

Regards,

Michel

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Thomas J. Hruska
Sent: Sunday, October 8, 2017 22:56
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Graceful shutdown of TLS connection for blocking sockets

On 10/8/2017 7:28 AM, Michel wrote:
> While I understand that using non-blocking descriptors is a better
> practice, I still do not see why select() should NEVER be used for
> blocking sockets (except when combined/interfered with the internal
> OpenSSL state machine or equivalent mechanism).
>
> Could you please elaborate or give an example?
>
> Regards,
>
> Michel.

Example: You call select(), it returns the descriptor as readable, you pass it into SSL_read(), and SSL_read() blocks. You are worse off than before you used select() since you made the incorrect assumption that you could do something when select() returns and not have a blocking socket block.

Just because select() says that something is readable (or writable) does not actually make it so. The function only makes sense for non-blocking descriptors.

The use of select() with a blocking descriptor is always wrong.

Non-blocking code is actually easier to implement than you think.

--
Thomas Hruska
Shining Light Productions

Home of BMP2AVI and Win32 OpenSSL.
http://www.slproweb.com/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
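Both cases raised in the thread (TCP data that holds no application data, and select() reporting readable while SSL_read() still blocks) follow from TLS record framing. The C sketch below is an added example, not code from the thread or from OpenSSL; `tls_classify` and the byte arrays are constructed for illustration, and it looks only at the outer 5-byte record headers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* What the bytes already received on the socket mean to a TLS reader. */
enum tls_ready {
    TLS_NEED_MORE  = 0, /* partial record: a blocking read would wait for the rest */
    TLS_NO_APPDATA = 1, /* complete records only, none carrying application data */
    TLS_APPDATA    = 2  /* at least one complete application_data record */
};

#define TLS_HDR_LEN 5               /* type(1) + version(2) + length(2) */
#define TLS_CT_APPLICATION_DATA 23

/* Constructed samples (payload bytes are placeholders, not real ciphertext). */
static const uint8_t sample_partial[]   = {0x17, 0x03, 0x03, 0x00, 0x20, 0xaa, 0xbb};
static const uint8_t sample_handshake[] = {0x16, 0x03, 0x03, 0x00, 0x04, 0, 0, 0, 0};
static const uint8_t sample_appdata[]   = {0x17, 0x03, 0x03, 0x00, 0x03, 'a', 'b', 'c'};

/* Walk the record headers in buf[0..len) without decrypting anything.
 * Assumption: outer content types as in TLS 1.2 and earlier. TLS 1.3 labels
 * every encrypted record 23, so there TLS_APPDATA is only an upper bound. */
enum tls_ready tls_classify(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int complete = 0;

    while (len - off >= TLS_HDR_LEN) {
        size_t body = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        if (len - off - TLS_HDR_LEN < body)
            break;                  /* record body not fully received yet */
        if (buf[off] == TLS_CT_APPLICATION_DATA && body > 0)
            return TLS_APPDATA;
        complete = 1;
        off += TLS_HDR_LEN + body;
    }
    /* Bytes left after the last complete record belong to a partial record. */
    if (off < len || !complete)
        return TLS_NEED_MORE;
    return TLS_NO_APPDATA;
}

int main(void)
{
    /* All three buffers would make select() report the socket as readable. */
    printf("partial=%d handshake=%d appdata=%d\n",
           tls_classify(sample_partial, sizeof sample_partial),
           tls_classify(sample_handshake, sizeof sample_handshake),
           tls_classify(sample_appdata, sizeof sample_appdata));
    return 0;
}
```

Only the third buffer could satisfy an application-level read; the first two are readable at the TCP layer yet give a TLS reader nothing to hand to the application.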