> If you get SSL_ERROR_WANT_WRITE, even if you have no application data
> to send, the protocol itself requires data to be written

Correct.

> -- so you
> need to call SSL_write().

Incorrect. The 'SSL_write' function is the function to send unencrypted data over the SSL link. It has nothing to do with the encrypted data the SSL engine wants to write to the socket.

> If you get SSL_ERROR_WANT_READ, even if
> you're writing application data, that means that the protocol itself
> is requiring data to be read from the peer, so you need to call
> SSL_read().

No. If the protocol itself needs to read data from the peer in order to write data, it will do so when you call SSL_write. The job of SSL_write is to do whatever is needed to encrypt and send the data you are writing, whether that means reading from the socket, writing to the socket, or both.

> Both situations can happen in either case. If you have no data to
> write, call it with a NULL buffer and a length of 0.

No. Do not ever do that. If you have no data to write, do not call SSL_write.

This is based on the most grievous misunderstanding of what the SSL_read and SSL_write functions do. They do *NOT* read from and write to the socket. They read from and write to the logical SSL connection. That may require reading from the socket, writing to the socket, or both in any combination, and your program should not make assumptions about which and when.

DS

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
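An added example, not part of the original message: it shows the behaviour described above using Python's `ssl` module, which wraps OpenSSL (`SSLObject.write`/`read` call `SSL_write`/`SSL_read`, and `SSLWantReadError` is `SSL_ERROR_WANT_READ`). Memory BIOs stand in for the socket, and the hostname `peer.example` is a constructed placeholder.

```python
import ssl

def new_client():
    """Fresh client-side TLS object wired to memory BIOs instead of a socket."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # "peer.example" is a constructed placeholder; nothing is resolved or contacted.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="peer.example")
    return tls, outgoing

def attempt(tls, outgoing, op):
    """Try one logical operation; return (status, bytes the engine queued for the wire)."""
    try:
        if op == "write":
            tls.write(b"hello")      # SSL_write on the logical connection
        else:
            tls.read(1024)           # SSL_read on the logical connection
        status = "OK"
    except ssl.SSLWantReadError:     # SSL_ERROR_WANT_READ
        status = "WANT_READ"
    except ssl.SSLWantWriteError:    # SSL_ERROR_WANT_WRITE
        status = "WANT_WRITE"
    return status, outgoing.read()   # drain what would go to the socket

def demo():
    """Run write and read on fresh connections, each followed by an immediate retry."""
    report = {}
    for op in ("write", "read"):
        tls, outgoing = new_client()
        first = attempt(tls, outgoing, op)   # starts the handshake implicitly
        retry = attempt(tls, outgoing, op)   # peer has sent nothing yet
        report[op] = (first, retry)
    return report

if __name__ == "__main__":
    for op, (first, retry) in demo().items():
        print(op, first[0], len(first[1]), "bytes out; retry:", retry[0], len(retry[1]))
```

Both the write call and the read call put a handshake record on the wire and then report WANT_READ; the caller's part is to move bytes between the BIOs and the peer and repeat the same call.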