[openssl-users] Nonblocking IO: Kindly need your urgent authoritative confirmation that the OpenSSL API's SSL_read and SSL_write and select() must indeed be used together *exactly* like this, as to keep us all safe (from infinite loop & zombification bugs)!
Graham Leggett
minfrin at sharp.fm
Tue Feb 24 15:18:20 UTC 2015
On 22 Feb 2015, at 11:22 PM, Tinker <tinkr at openmailbox.org> wrote:
> I need your authoritative answer on the following question.
[snip stuff that is too long]
You are totally overthinking this.
The SSL protocol involves negotiation, during which the sender and the receiver exchange data with each other. What this means is that during either SSL_read, or SSL_write, openssl might try to write or read respectively. If your non-blocking code isn’t geared to handle this, you might end up either hanging or spinning as you wait for the wrong event.
The SSL_WANTS_READ response code is a warning that means “I want to read during SSL_write, are you ok with me doing this?”.
The SSL_WANTS_WRITE response code is a warning that means “I want to write during SSL_read, are you ok with me doing this?”.
In both cases, once you have determined that it is ok to read, or ok to write, you simply retry SSL_write() or SSL_read() again.
For example, a read loop:
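    sense = READ;
    while (sense == READ ? if_ready_to_read() : if_ready_to_write()) {
        // ssl, buf: the caller's SSL handle and receive buffer
        rc = SSL_read(ssl, buf, sizeof(buf));
        // SSL_read() returns <= 0 when it cannot proceed; SSL_get_error() gives the reason
        if (rc <= 0 && SSL_get_error(ssl, rc) == SSL_ERROR_WANT_WRITE) {
            sense = WRITE;
        } else {
            sense = READ;
        }
        // do stuff with what you read (you may have read nothing, but that’s fine too)
    }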
Regards,
Graham
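
The retry pattern described in the message above, as an added example that is not part of the original post. It uses Python's ssl module, which wraps OpenSSL and raises SSLWantReadError / SSLWantWriteError for the want-read and want-write conditions. The helper names (wait_for, retry_tls_op), the timeout and the retry cap are assumptions chosen here so that a stalled peer cannot make the loop hang or spin.

```python
import select
import ssl


def wait_for(sock, want_write, timeout):
    """select() on sock in the direction the TLS layer asked for.

    Returns True if the socket became ready, False on timeout.
    """
    rlist, wlist = ([], [sock]) if want_write else ([sock], [])
    readable, writable, _ = select.select(rlist, wlist, [], timeout)
    return bool(readable or writable)


def retry_tls_op(sock, op, timeout=5.0, max_retries=100):
    """Run op() on a non-blocking TLS socket until it completes.

    op is any zero-argument callable wrapping one TLS call, for example
    lambda: tls_sock.recv(4096) or lambda: tls_sock.send(data).
    Returns (result, events); events lists what was waited for, in order.
    """
    events = []
    for _ in range(max_retries):
        try:
            return op(), events
        except ssl.SSLWantReadError:
            # TLS layer needs incoming bytes, even if op is a write.
            want_write = False
        except ssl.SSLWantWriteError:
            # TLS layer needs to send bytes, even if op is a read.
            want_write = True
        events.append("write" if want_write else "read")
        if not wait_for(sock, want_write, timeout):
            # Bounded wait: a silent peer produces an error, not a hang.
            raise TimeoutError("peer not ready for %s" % events[-1])
    # Bounded retries: a socket that is always "ready" cannot spin forever.
    raise RuntimeError("TLS operation did not complete after retries")
```

The same helper serves reads, writes and the handshake (op = tls_sock.do_handshake), because the direction to wait for comes from the exception, not from the operation being attempted.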