> Thanks David. > Unfortunately option 1) and 3) are not possible for my clients.
In other words, you cannot engineer a sensible option and have to fake it. That's fine, but solutions that aren't engineered tend to be poor. > option 2) seems the way to go for me, but so far it proved unreliable. That was the downside of that option. > Here are some scenarios I have been playing with: > 1)Crash a client running on unix: > The SSL_read returns 0 . The SSL error code is > SSL_ERROR_SYSCALL [An SSL I/O error occurred]. The errno is 0! Seems reasonable. No unread data was pending, so the TCP connection closed normally. You would definitely infer a crash in this case. Network failures don't normally close connections. > 2)Crash a client running on windows: > The SSL_read returns -1 . The SSL error code is SSL_ERROR_SYSCALL > [An SSL I/O error occurred]. The errno is ECONNRESET > [Connection reset by peer] So there was some pending unread data in this case. You would definitely infer a crash in this case. A network failure won't reset a connection, but a rebooting host might. So you can't be sure the client didn't crash. > 3)Leave the client running on unix or on windows and unplug the network: > The SSL_read returns -1 . The SSL error code is SSL_ERROR_SYSCALL > [An SSL I/O error occurred]. > The errno is ECONNRESET [Connection reset by peer] Did you unplug the client or server? Was the server running Windows? You need to explain this case in detail. If you unplugged the *server* interface, then that's a very unusual special case that you need to specifically test for by checking the interface. (Due to an unfortunate Windows bug. It reports ECONNRESET when it loses a network interface even though the connection was *not* reset by the peer.) > As you can see this does not seem to be reliable to distinguish > between what really happened. The first two cases seem perfectly sensible. You didn't explain the third case in early enough detail for me to comment on it. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
