> Actually, I do that. And I think I understand what SSL_pending does: it
> returns the number of decrypted bytes remaining in the SSL buffer.
> Implied: at least 1 SSL_read has been done before! Am I wrong?
You are wrong in theory. Any SSL operation can churn the SSL state machine and
decr
Thank you David, thank you all for the clarification.
Combining 'select' with blocking operations almost never works right. This is
the most difficult conceivable situation and you should not willingly choose it
I've been a bit confused. All my sockets are in non blocking mode.
Actually what I
> OK, but from the source, I discovered that SSL_read is blocking until it
> receives a complete record. So, if I want to be awakened with select I
> must either:
Combining 'select' with blocking operations almost never works right. This is
the most difficult conceivable situation and you should
SSL_read will not return anything until it has received and verified a
full record. It will do its own buffering, and all you have to do is
respond to it. (If you're in a proxy/relay environment, it's possible
that the kernel will not have received the next packet to go into the
buffer, so you'll
arch 31, 2009 5:29 AM
To: openssl-users@openssl.org
Subject: Re: last data bytes not delivered when read in several small buffers
Hello Kyle,
Thank you for these explanations. Things are becoming clearer.
An important point about the application is: it's a relay (gateway).
So it doesn
Hello Kyle,
Thank you for these explanations. Things are becoming clearer.
An important point about the application is: it's a relay (gateway). So
it doesn't have only to take care of the SSL side, but also of the
relayed application (private) side.
It's a non-blocking environment, so I am q
SSL will return SSL_ERROR_WANT_READ if it needs to read more. It will
return SSL_ERROR_WANT_WRITE if it needs to write things out on that
socket before it can do anything else (for example, during a
renegotiation). (There is no fixed upper bound of times this can
happen, so beware of going into a
Hello David,
Thank you for this explanation.
I've a good book from Eric Rescorla, but maybe I jumped too quickly to
the API and didn't learn enough the concepts!
So if I correctly understand, I must try to read a MAX_RECORD_SIZE
buffer (16383 bytes) when select says "There is something ready
> the application read the first
> 1500 bytes, then "select(...)" no more indicates that something has to
> be read on the fd. So the OFTP application behind the gateway doesn't
> send the new "credit authorisation" because it didn't receive the
> complete previous credit. And the sender waits unt
Hello,
I've an application (OFTP protocol) which runs over TLS. Actually OFTP
is one application and TLS is managed by a gateway application running
in a DMZ.
The gateway application is linked against OpenSSL libraries version 0.9.8g
What occurs:
OFTP negotiates a "credit" at start session tim