On Fri, Nov 08, 2002 at 06:22:21PM +1100, Niall Kelly wrote:
> In the event of SOME (not all) of the application data
> being written, SSL_write will return this number
> (rather than -1 with an error of
> SSL_ERROR_WANT_WRITE).

Yes. And no. See below.

> Without SSL_MODE_PARTIAL_WRITE when an application
> receives -1 and SSL_ERROR_WANT_WRITE it is obliged to
> re-call SSL_write with the exact same buffer.

Yes.

> Am I correct in assuming that with
> SSL_MODE_PARTIAL_WRITE set the application's next call
> to SSL_write would only have to pass the portion of
> data not written previously? i.e. if the original call
> attempted to write N but only wrote W, the subsequent
> call should try to write the remaining N-W bytes.

Yes.

> Further questions (assuming above is correct):
> 1. Are there restrictions on the address of the N-W
> bytes passed to the second call? (i.e. similar to the
> WANT_WRITE restriction whereby the same buffer must be
> passed when retrying)

No restrictions.

> 2. If the application has more data to write by the
> time it makes the second call i.e. ((N-W) + (new
> data)) is it OK to pass it all to the second write?

The next call to write is independent from the old call. A completely
new sequence is started.

> 3. Presumably even with SSL_MODE_PARTIAL_WRITE set it
> is still possible to receive -1 and WANT_WRITE under
> certain circumstances?

Yes. It can happen all the time.

> 4. Are my assumptions missing anything important
> related to packing/encrypting of app. data into SSL
> records before actually writing to the network buffer?

Hmm. Seems to be complete to me.

> Finally, if my assumptions are correct, under what
> circumstances would an application not want to use
> SSL_MODE_PARTIAL_WRITE?

PARTIAL_WRITE requires an additional loop in the application, as it will
write at most one TLS chunk (16kB) full of data.

If the TLS buffer size is larger than the buffer of the underlying
transport (which is normally the case with TCP, as 16kB > 4kB),
SSL_write() will return with WANT_WRITE as soon as the TCP send buffer
is full.
PARTIAL_WRITE is related to the TLS chunk size. There is no way to partially
send less than one TLS chunk, because it is secured with cryptographic
authentication and must be treated as a whole.
If you send more than 16kB in one SSL_write(), more than one TLS chunk
must be prepared. Without PARTIAL_WRITE, SSL_write() will only report
success once all chunks were sent; with PARTIAL_WRITE, chunks are handled
separately.

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
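
The additional application loop described in the reply above, as an added example that is not part of the original message or of OpenSSL. To run without the library it uses a constructed stand-in, fake_ssl_write(), with hypothetical status codes, in place of SSL_write() and SSL_get_error(); in OpenSSL the mode flag is named SSL_MODE_ENABLE_PARTIAL_WRITE.

```c
/* Added example. fake_ssl_write() is a constructed stand-in for SSL_write()
 * on a connection with partial writes enabled; it is not an OpenSSL API. */
#include <stddef.h>
#include <string.h>

#define RECORD_MAX 16384                 /* one TLS chunk: at most 16 kB */
enum { W_OK, W_WANT_WRITE, W_ERROR };    /* hypothetical status codes */

struct fake_conn {
    unsigned char sink[65536];           /* bytes the simulated peer received */
    size_t received;
    unsigned calls;                      /* every 3rd call reports WANT_WRITE */
};

/* Accepts at most one chunk per call, or returns -1 having consumed nothing. */
static int fake_ssl_write(struct fake_conn *c, const void *buf, size_t len, int *st)
{
    size_t n = len < RECORD_MAX ? len : RECORD_MAX;
    if (++c->calls % 3 == 0) { *st = W_WANT_WRITE; return -1; }
    if (n == 0 || n > sizeof c->sink - c->received) { *st = W_ERROR; return -1; }
    memcpy(c->sink + c->received, buf, n);
    c->received += n;
    *st = W_OK;
    return (int)n;
}

/* The additional loop: skip the W bytes already written and pass the remaining
 * N-W; on WANT_WRITE retry with the same pointer and length.
 * Returns the number of write calls used, or -1 on a hard error. */
static int write_all(struct fake_conn *c, const unsigned char *data, size_t len)
{
    size_t off = 0;
    int calls = 0, st;
    while (off < len) {
        int w = fake_ssl_write(c, data + off, len - off, &st);
        calls++;
        if (w > 0) off += (size_t)w;
        else if (st != W_WANT_WRITE) return -1;
        /* on WANT_WRITE, real code waits (select/poll) until the socket is writable */
    }
    return calls;
}

int main(void)
{
    static struct fake_conn c;
    static unsigned char data[40000];    /* constructed payload, spans 3 chunks */
    memset(data, 0xA5, sizeof data);
    return write_all(&c, data, sizeof data) == 4 ? 0 : 1;
}
```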