Hello,

I found a possible issue regarding the usage of mbedtls_ssl_read in c_read:

    static size_t
    c_read(void *cv, char *buf, size_t size)
    {
        COOKIE *c;
        int n;
        size_t n_read;

        c = (COOKIE *)cv;
        n_read = 0;
        while(n_read < size && (n = mbedtls_ssl_read(c->fd, buf + n_read, size - n_read)) > 0)
            n_read += n;
        return n_read;
    }

This basically reads everything until end-of-file or the buffer is full. However, the former could be an issue.

The docs of mbedtls_ssl_read state:

    Returns
    The (positive) number of bytes read if successful.
    0 if the read end of the underlying transport was closed - in this case you must stop using the context (see below).

The docs of fopencookie specify:

    The buf and size arguments are, respectively, a buffer into which input data can be placed and the size of that buffer. As its function result, the read function should return the number of bytes copied into buf, 0 on end of file, or -1 on error. The read function should update the stream offset appropriately.

Since the function passes > 0 even though it received EOF, this would be incorrect, and may result in the following:

If there is less data than size, and then an EOF, c_read returns > 0, and will (probably, I do not know the whole code) be called again. Which will again use mbedtls_ssl_read, which is forbidden.

Cheers,
Mischa

--
pound mailing list
pound@apsis.ch
https://admin.hostpoint.ch/mailman/listinfo/pound_apsis.ch
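
The sequence described in the message above, as an added example that is not part of the original post or of Pound's code: the same read loop is run against a constructed stand-in for the TLS session, once as posted and once with a sticky end-of-file flag in the cookie. MOCK_SSL, mock_read, the eof field, the sticky parameter, c_read_demo and late_reads are hypothetical names; the stand-in models only the "positive count, then 0 on close" part of the return contract, not negative error codes.

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

/* Constructed stand-in for the TLS session. mock_read follows the return
 * contract quoted in the post (>0 bytes read, 0 once the peer has closed)
 * and counts every call made after it has already returned 0. */
typedef struct { const char *data; size_t len, pos; int closed, late_calls; } MOCK_SSL;
typedef struct { MOCK_SSL *fd; int eof; } COOKIE;   /* eof is the added field */

static int mock_read(MOCK_SSL *s, char *buf, size_t n)
{
    size_t k = s->len - s->pos;
    if (s->closed) { s->late_calls++; return 0; }   /* read on a dead session */
    if (k == 0) { s->closed = 1; return 0; }        /* first report of close */
    if (k > n) k = n;
    memcpy(buf, s->data + s->pos, k);
    s->pos += k;
    return (int)k;
}

/* The loop from the post. With sticky != 0 the cookie remembers that the
 * session reported close and answers later calls without touching it. */
static ssize_t c_read_demo(void *cv, char *buf, size_t size, int sticky)
{
    COOKIE *c = cv;
    size_t n_read = 0;
    int n = 1;

    if (sticky && c->eof)
        return 0;
    while (n_read < size && (n = mock_read(c->fd, buf + n_read, size - n_read)) > 0)
        n_read += (size_t)n;
    if (n == 0)
        c->eof = 1;        /* partial data is still returned this time */
    return (ssize_t)n_read;
}

/* Drive the reader the way a stream consumer does: call until it returns 0.
 * Returns how many reads were issued on the already-closed session. */
static int late_reads(int sticky)
{
    MOCK_SSL s = { "hello", 5, 0, 0, 0 };   /* constructed 5-byte payload */
    COOKIE c = { &s, 0 };
    char buf[16];

    while (c_read_demo(&c, buf, sizeof buf, sticky) > 0)
        ;
    return s.late_calls;
}
```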