> All -
>
> I am using OpenSSL with memory BIOs for the communication. I have
> everything working just fine, until I came across a server that sends
> Application data in the final packet of the TLS handshake.
> Specifically, Wireshark shows the following in its output :
>
> Change Cipher Spec, Encrypted Handshake Message, Application Data
>
> where I am normally used to just :
>
> Change Cipher Spec, Encrypted Handshake Message
>
> So, my question is, how do I get at the application data in that packet?
>
> After the call to SSL_connect() both SSL_pending() and
> BIO_ctrl_pending() are claiming that there are 0 bytes available to read.
>
> Is there a flag I need to enable? Or some other call?

The BIO_read function exists for this exact purpose. There is no way to tell for sure whether an SSL_read or BIO_read (of an SSL bio) will be able to return application data other than to call it and see. The functions you are using only check for certain specific possible ways there could be pending data. They are not exhaustive.

Your mistake is in trying to do everything twice, once to figure out what will happen and then again for real. Since you want to receive data if there is any, and there's no harm in trying if there isn't any, it is totally illogical to perform two expensive operations, the first to see if the second is necessary. It's more logical just to do one. If it's necessary, you win, one operation instead of two. If it's not, you break even, one operation either way.

Your method not only has the extra cost of doing an operation twice if it's possible, but worse fails horribly if the two attempts are not precisely parallel, and there are many edge cases. This is just the one that's pestering you now. If you don't fundamentally fix your design, there will be another one tomorrow too.

Just try to read. Don't try to figure out what will happen if you try.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
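
The situation discussed in this thread, as an added example that is not part of the original messages: it uses Python's `ssl` module, which wraps OpenSSL (`MemoryBIO` is a memory BIO, `SSLObject.read()` calls `SSL_read`, `SSLObject.pending()` calls `SSL_pending`). Assumptions: a loopback client and server in one process, a constructed payload, and an anonymous ECDH suite chosen only so the demo needs no certificate; `make_ctx`, `step`, `try_read` and `demo` are hypothetical helper names.

```python
import ssl

def make_ctx(server_side):
    # Constructed loopback setup: the anonymous suite is unauthenticated and
    # is used only so this demo needs no certificate. Never use it on a network.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER if server_side
                         else ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("AECDH-AES128-SHA:@SECLEVEL=0")
    return ctx

def step(obj):
    """Advance the handshake; True once it has completed."""
    try:
        obj.do_handshake()
        return True
    except ssl.SSLWantReadError:
        return False

def try_read(obj, n=4096):
    """Just attempt the read. None means no application data yet."""
    try:
        return obj.read(n)
    except ssl.SSLWantReadError:
        return None

def demo():
    payload = b"early application data"  # constructed sample
    c_in, c_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    s_in, s_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = make_ctx(False).wrap_bio(c_in, c_out, server_side=False)
    server = make_ctx(True).wrap_bio(s_in, s_out, server_side=True)
    while not step(client):
        s_in.write(c_out.read())       # client flight -> server
        if step(server):
            server.write(payload)      # queued right behind CCS + Finished
        c_in.write(s_out.read())       # whole server flight in one chunk
    # Handshake is done; no application record has been decrypted yet,
    # so the pending counter says 0 even though data is waiting.
    pending_before = client.pending()
    data = try_read(client)            # the read itself finds the record
    return pending_before, data

if __name__ == "__main__":
    print(demo())
```
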