> On Mon, Jun 12, 2006 at 12:06:28AM +0200, Marek Marcola wrote:
>
> > In what way this break already used applications ???
> > In what way this break anything ???
>
> SSL_read(3):
>
> If the underlying BIO is blocking, SSL_read() will only return, once
> the read operation has been finished or an error occurred, except when
> a renegotiation take place, in which case a SSL_ERROR_WANT_READ may
> occur. This behaviour can be controlled with the SSL_MODE_AUTO_RETRY
> flag of the SSL_CTX_set_mode(3) call.
>
> SSL_CTX_set_mode(3):
>
> SSL_MODE_AUTO_RETRY
>     Never bother the application with retries if the transport is
>     blocking. If a renegotiation take place during normal operation, a
>     SSL_read(3) or SSL_write(3) would return with -1 and indicate the
>     need to retry with SSL_ERROR_WANT_READ. In a non-blocking
>     environment applications must be prepared to handle incomplete
>     read/write operations. In a blocking environment, applications are
>     not always prepared to deal with read/write operations returning
>     without success report. The flag SSL_MODE_AUTO_RETRY will cause
>     read/write operations to only return after the handshake and
>     successful completion.
>
> If a blocking application sets SSL_MODE_AUTO_RETRY, SSL_read() will
> only return once data is available, or a real error occurs. This must
> not change.

Nobody is suggesting that this should change. But if SSL_MODE_AUTO_RETRY is not set, it should consistently return SSL_ERROR_WANT_READ when renegotiation is in progress, not sometimes return it and sometimes not. If it is impossible to fix it to always consistently return SSL_ERROR_WANT_READ, the API should be changed. SSL_MODE_AUTO_RETRY should be forced to be always set and the SSL_read documentation should be changed to say that it will never return WANT_READ or WANT_WRITE if the underlying BIO is blocking. The current behavior is confusing and not properly documented.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org