Straight from the man pages:
SSL_read() works based on the SSL/TLS records. The data are received in records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a
record has been completely received, it can be processed (decryption and check of integrity). Therefore data that was not retrieved at the last call of
SSL_read() can still be buffered inside the SSL layer and will be retrieved on the next call to SSL_read(). If num is higher than the number of bytes
buffered, SSL_read() will return with the bytes buffered. If no more bytes are in the buffer, SSL_read() will trigger the processing of the next
record. Only when the record has been received and processed completely, SSL_read() will return reporting success. At most the contents of the record
will be returned. As the size of an SSL/TLS record may exceed the maximum packet size of the underlying transport (e.g. TCP), it may be necessary to
read several packets from the transport layer before the record is complete and SSL_read() can succeed.
It speaks to what you are inquiring about.
Edward Chan wrote:
I have a question about SSL_read(). Am I correct in my understanding that SSL_read() will not read from the socket as long as there is data in the ssl buffers available for processing? And if there is data in the ssl buffer but it cannot be processed because we don't have a complete record, then I will get an SSL_ERROR_WANT_READ/WRITE, in which case, I need to issue SSL_read() again to read more data from the socket?
Thanks, Ed
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
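The buffering rules in the man page excerpt above, modelled in C as an added example; this is not OpenSSL code and not from either poster. `model_ssl`, `model_feed`, `model_read` and `WANT_READ` are hypothetical names, and the record payload is left unencrypted so that only the record-boundary behaviour is shown.

```c
#include <stdio.h>
#include <string.h>
#define WANT_READ  (-1)     /* stands in for SSL_ERROR_WANT_READ */
#define MAX_RECORD 16384    /* the 16kB record limit quoted above */

/* Hypothetical model of the SSL layer's two buffers; not OpenSSL's structs. */
struct model_ssl {
    unsigned char net[2 * (MAX_RECORD + 5)]; size_t net_len; /* raw transport bytes */
    unsigned char app[MAX_RECORD]; size_t app_len, app_off;  /* one processed record */
};

/* The transport hands over one packet, possibly only a fragment of a record. */
static int model_feed(struct model_ssl *s, const void *pkt, size_t n) {
    if (n > sizeof s->net - s->net_len) return -1;   /* refuse to overflow */
    memcpy(s->net + s->net_len, pkt, n);
    s->net_len += n;
    return 0;
}

/* Follows the SSL_read() rules quoted from the man page. */
static int model_read(struct model_ssl *s, void *buf, size_t num) {
    if (s->app_off == s->app_len) {              /* nothing buffered: next record */
        if (s->net_len < 5) return WANT_READ;    /* 5-byte header incomplete */
        size_t len = ((size_t)s->net[3] << 8) | s->net[4];
        if (len > MAX_RECORD) return -2;         /* oversized record: fatal */
        if (s->net_len < 5 + len) return WANT_READ;  /* record incomplete */
        memcpy(s->app, s->net + 5, len);   /* real TLS decrypts and verifies here */
        s->app_len = len; s->app_off = 0;
        s->net_len -= 5 + len;
        memmove(s->net, s->net + 5 + len, s->net_len);
    }
    size_t avail = s->app_len - s->app_off;
    if (num > avail) num = avail;          /* never more than the current record */
    memcpy(buf, s->app + s->app_off, num);
    s->app_off += num;
    return (int)num;
}

int main(void) {
    /* Constructed record: type 0x17, version 3.1, length 10, then payload. */
    static const unsigned char rec[] = "\x17\x03\x01\x00\x0a" "helloworld";
    static struct model_ssl s;
    char buf[64];
    model_feed(&s, rec, 8);                          /* first packet only */
    printf("partial record: %d\n", model_read(&s, buf, sizeof buf));
    model_feed(&s, rec + 8, 7);                      /* rest of the record */
    printf("read 4: %d\n", model_read(&s, buf, 4));
    printf("read rest: %d\n", model_read(&s, buf, sizeof buf));
    return 0;
}
```

In the model, as in the excerpt, a read that finds leftover bytes from the current record returns them without looking at the transport buffer, and a read never returns bytes from two records at once.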