Hello,

I have implemented an SSL server on the eCos platform and it seems to be 
working well; however, I am a tiny bit unclear about the requirements around 
whether or not calls to SSL_read and SSL_write need to be synchronized, and I 
want to avoid doing something incorrect. The specific question I have is this:

If I call SSL_read() and OpenSSL tells me that it NEEDS_WRITE or NEEDS_READ, do 
I need to then hold off calls to SSL_write until I have called SSL_read again 
and it succeeds? And then the same question but with SSL_write.

I am asking because I have seen conflicting information. Here is where I'm 
getting the conflicting information:

From the "calls must be synchronized" camp:

In chapter 5, pages 159-166 of "Network Security with OpenSSL" by John Viega, 
Matt Messier & Pravir Chandra, 2002 they state very clearly that "once we've 
made a call to an SSL I/O function, and it requires a retry, we should not call 
other I/O functions until the original call has succeeded." It even gives a 
code example that achieves this synchronization.

From the "calls to SSL_read and SSL_write can be treated independently" camp:

In this thread from the openssl-dev mailing list:

http://marc.info/?l=openssl-dev&m=124308191325560&w=2

A gentleman named David Schwartz states, "I'm not sure where you see that, but 
that is obviously bogus. Suppose we have a protocol that permits either side to 
read or write at any time. We call SSL_read in case the other side sent 
something, it returns WANT_READ, because the other side didn't send anything. 
Are you seriously arguing that we now can't send anything until the other side 
does? Isn't that obviously an impossible requirement?"

In response to this statement by somebody else "Because the documentation 
appears in several places to state that when I receive WANT_X from _any_ 
OpenSSL API operation in non-blocking mode, the next API operation I issue on 
that SSL * must be the exact same API operation, with the same parameters."

Can somebody please tell me which of these two sources is correct or if I am 
misreading them?

Thanks!

CHAD