
SSL_read()


Edward Chan

Mar 28, 2005, 6:41:28 PM

I have a question about SSL_read(). Am I correct in my understanding that
SSL_read() will not read from the socket as long as there is data in the ssl
buffers available for processing? And if there is data in the ssl buffer
but it cannot be processed because we don't have a complete record, then I
will get an SSL_ERROR_WANT_READ/WRITE, in which case, I need to issue
SSL_read() again to read more data from the socket?

Thanks,
Ed


______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Lawrence Bowie

Mar 28, 2005, 7:05:05 PM
Straight from the man pages ..


SSL_read() works based on the SSL/TLS records. The data are received in
records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a
record has been completely received, it can be processed (decryption and
check of integrity). Therefore data that was not retrieved at the last
call of SSL_read() can still be buffered inside the SSL layer and will be
retrieved on the next call to SSL_read(). If num is higher than the number
of bytes buffered, SSL_read() will return with the bytes buffered. If no
more bytes are in the buffer, SSL_read() will trigger the processing of
the next record. Only when the record has been received and processed
completely, SSL_read() will return reporting success. At most the contents
of the record will be returned. As the size of an SSL/TLS record may
exceed the maximum packet size of the underlying transport (e.g. TCP), it
may be necessary to read several packets from the transport layer before
the record is complete and SSL_read() can succeed.

It speaks to what you are inquiring about.

Edward Chan wrote:

> I have a question about SSL_read(). Am I correct in my understanding
> that SSL_read() will not read from the socket as long as there is data
> in the ssl buffers available for processing? And if there is data in
> the ssl buffer but it cannot be processed because we don't have a
> complete record, then I will get an SSL_ERROR_WANT_READ/WRITE, in
> which case, I need to issue SSL_read() again to read more data from
> the socket?
>
> Thanks,
> Ed
>

Edward Chan

Mar 28, 2005, 7:36:09 PM
Thanks for your reply. I read that, and I think I understand what it is
saying. I'm just trying to get confirmation on my understanding of it. Put
in a different way, if I have the following code where I do SSL_read() in a
do-while loop,

int iBytesRead = 0;
do
{
    int ret = SSL_read(ssl, buf, sizeof(buf));
    int err = SSL_get_error(ssl, ret);
    if (err == SSL_ERROR_NONE)
    {
        iBytesRead += ret;
    }
    else if (err == SSL_ERROR_ZERO_RETURN)
    {
        return 0; // ssl connection was closed
    }
    else if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE)
    {
        break; // need more data; break loop and add fd back to poll
               // and do another SSL_read() when there is more data
               // available on the socket.
    }
    else
    {
        return 0; // read failed
    }

} while (SSL_pending(ssl)); // ssl buffer has been completely drained

Assuming client is continuously sending me data, will I ever exit this loop?
I assume that once the ssl buffer has been emptied, SSL_pending() will
return 0 and I break the loop, or the ssl buffer can no longer be processed
without more data, in which case I get an SSL_ERROR_WANT_READ/WRITE and
break the loop, at which time I will add fd back to poll and wait for more
data on the socket (which could be immediate).

Lawrence Bowie

Mar 28, 2005, 8:03:43 PM
Normally, you have something like ...


while(1)
{
    select() call

    if (SOCKET is in read mode) {
        do
        {
            SSL_read() call
        }
    }

    if (SOCKET is in write mode) {
        do
        {
            SSL_write() call
        }
    }
}

Once you end the first loop, make sure you close the socket and issue SSL_free().
You will have to find a nifty way of ending the read/write operation, though.

Yes, you will leave the loop eventually; it also depends on the implementation
you choose: threaded, using fork, single threaded, ...

LDB
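
The buffering the quoted man page text describes, together with the do-while loop from the question, as an added example that is not part of the original thread and is not OpenSSL code. It is a plain C model with no crypto: the rl_* names, RL_WANT_READ and the buffer sizes are hypothetical, and records are assumed to carry a 5-byte header (type, version, 2-byte length).

```c
/* Constructed model, not OpenSSL code: no crypto; all rl_* names hypothetical. */
#include <string.h>
#define RL_WANT_READ (-2) /* stands in for SSL_ERROR_WANT_READ */
#define RL_HDR 5          /* record header: type, version (2), length (2) */
typedef struct {
    unsigned char raw[1024], rec[1024]; /* bytes off the transport; one processed record */
    size_t raw_len, rec_len, rec_off;
} rl_t;
/* Transport delivers a chunk of any size, unrelated to record boundaries. */
static int rl_feed(rl_t *r, const unsigned char *p, size_t n) {
    if (n > sizeof r->raw - r->raw_len) return -1;
    memcpy(r->raw + r->raw_len, p, n); r->raw_len += n;
    return 0;
}
/* Like SSL_pending(): bytes left in the record already processed. */
static size_t rl_pending(const rl_t *r) { return r->rec_len - r->rec_off; }
/* Like SSL_read(): buffered bytes first, else the next record once complete. */
static int rl_read(rl_t *r, unsigned char *out, size_t num) {
    if (rl_pending(r) == 0) {
        if (r->raw_len < RL_HDR) return RL_WANT_READ;
        size_t len = ((size_t)r->raw[3] << 8) | r->raw[4];
        if (len > sizeof r->raw - RL_HDR) return -1; /* could never complete */
        if (r->raw_len < RL_HDR + len) return RL_WANT_READ;
        memcpy(r->rec, r->raw + RL_HDR, len); /* real TLS decrypts, checks MAC */
        r->rec_len = len; r->rec_off = 0;
        r->raw_len -= RL_HDR + len;
        memmove(r->raw, r->raw + RL_HDR + len, r->raw_len);
    }
    size_t n = rl_pending(r) < num ? rl_pending(r) : num;
    memcpy(out, r->rec + r->rec_off, n);
    r->rec_off += n;
    return (int)n;
}
/* The do/while loop from the post; a 4-byte buffer forces several reads. */
static int drain_once(rl_t *r) {
    unsigned char buf[4]; int total = 0, ret;
    do {
        ret = rl_read(r, buf, sizeof buf);
        if (ret < 0) return ret; /* RL_WANT_READ or error: go back to poll() */
        total += ret;
    } while (rl_pending(r) > 0);
    return total;
}
int main(void) { /* constructed 6-byte record, delivered as 8 + 3 bytes */
    static rl_t r;
    const unsigned char w[] = {23, 3, 1, 0, 6, 'a', 'b', 'c', 'd', 'e', 'f'};
    int ok = rl_feed(&r, w, 8) == 0 && drain_once(&r) == RL_WANT_READ;
    ok = ok && rl_feed(&r, w + 8, 3) == 0 && drain_once(&r) == 6;
    return !ok;
}
```

In the model the loop always ends: either the record is still incomplete (RL_WANT_READ) or the processed record is drained and rl_pending() drops to 0, even while a further complete record is waiting in raw[].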
