On Thu, 4 Oct 2001 17:51:13 -0400, Robert Spassky Cabacungan
[EMAIL PROTECTED] wrote:
The problem is the NsOpenSSLSend() function in ssl.c, in nsopenssl-2.0.
BIO_write is returning a resource not available, try again error, but
NsOpenSSLSend is not checking for that, and so behaves as though it were
a non-recoverable error, aborting the write instead of trying again.
A simple loop over the SSL_write() fixes this. Ironically, there is
commented out code at the bottom of the function which would handle
retries. However, the comment reads this BIO_write loop doesn't work,
but seems like it should. So it looks like Scott did consider this
possibility, but it kind of slipped through the cracks in the final
release. Indeed, NsOpenSSLRecv() does loop and handle retries.
Anyway, I simply changed the SSL_write to operate in a loop, as follows:
do {
rc = SSL_write(ccPtr-ssl, buffer, towrite);
towrite -= rc;
} while ( BIO_should_retry(ccPtr-ssl-wbio)
BIO_should_write(ccPtr-ssl-wbio) );
Does anyone know whether it's better to use SSL_write or BIO_write in
this case?
Rob
Hi Rob,
It didn't slip through the cracks, I just couldn't get it to work at the
time so I commented it out to study it later. It looked like it should have
worked, but either I didn't understand what it was doing or had made a
mistake in usage (or both; boy, wouldn't that stink). Anyway, I wanted to
get a functional module out and this was something that could wait.
I don't think it matters whether we use SSL_write or BIO_write, but in
general I wanted to move all I/O to BIOs for better portability and cleaner
code. Another place where I tried to use BIOs versus SSL_* funcs was in the
server's RunHandshake -- on Solaris, BIOs looped 50-60 times before data
got through the handshake (it succeeded, but not gracefully). So I backed
off using BIO_* stuff in there.
I'll take another look at it and your code above and see if I can get
things working properly for the next release.
If you find out anything further, please let me know.
thanks,
/s.
