> In the case I get an epoll-triggered recv() from the socket, do I dump
> that data into the BIO via BIO_write, and follow that with a
> SSL_read()?
> -Aaron

No, you are still trying to treat it like a pipe. It is not. It has four *INDEPENDENT* ports.

The fact that you received encrypted data from the socket does not tell you what that data means. It may mean that new plaintext is ready, but it could also mean that negotiation is complete and therefore an SSL_write will now succeed. Attempting to "look through" the SSL state machine and assume a relationship among the four ports will seem to work but ultimately cause you pain. It will turn connection setup, connection teardown, and renegotiation into special cases that your code will mishandle.

That the OpenSSL state machine received encrypted data from the socket means that the state machine may have made *any* forward progress. That may mean there's new data on the plaintext output port, but it could also mean there's new encrypted data to send on the ciphertext output port.

You should service all four ports without assuming any relationship among them. If there's a temporary relationship between ports, the state machine will tell you via WANT_READ/WANT_WRITE indications. Note that this relationship is invalidated by *any* forward progress.

DS

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org