[openssl-users] Graceful shutdown of TLS connection for blocking sockets
karl at denninger.net
Sun Oct 8 21:37:17 UTC 2017
In short ssl is not the same as a raw socket fd because of the intervening protocol.
That's all....
Original Message
From: michel.sales at free.fr
Sent: October 8, 2017 4:34 PM
To: openssl-users at openssl.org
Reply-to: openssl-users at openssl.org
Subject: Re: [openssl-users] Graceful shutdown of TLS connection for blocking sockets
Hi Thomas,
I do not think that non-blocking code is hard to implement, but I am
still not convinced there is not some kind of confusion here.
Pardon me if I do not understand your reasoning well, but I just want to
highlight that the SSL_read() contract is not to return TCP data, but SSL/TLS
data (if some are available), which is more work.
As described in https://www.openssl.org/docs/man1.1.0/ssl/SSL_read.html, you
may encounter cases where TCP data is available, but just contains TLS
records with no useful application data.
Can this be what you experienced, or did I miss your point?
Regards,
Michel
-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of
Thomas J. Hruska
Sent: Sunday, October 8, 2017 22:56
To: openssl-users at openssl.org
Subject: Re: [openssl-users] Graceful shutdown of TLS connection for blocking
sockets
On 10/8/2017 7:28 AM, Michel wrote:
> While I understand that using non-blocking descriptors is a better
> practice, I still do not see why select() should NEVER be used for
> blocking sockets (except when combined/interfered with the internal
> OpenSSL state machine or equivalent mechanism).
>
> Could you please elaborate or give an example ?
>
> Regards,
>
> Michel.
Example: You call select(), it returns the descriptor as readable, you pass
it into SSL_read(), and SSL_read() blocks. You are worse off than before
you used select() since you made the incorrect assumption that you could do
something when select() returns and not have a blocking socket block.
Just because select() says that something is readable (or writable) does not
actually make it so. The function only makes sense for non-blocking
descriptors. The use of select() with a blocking descriptor is always
wrong.
Non-blocking code is actually easier to implement than you think.
--
Thomas Hruska
Shining Light Productions
Home of BMP2AVI and Win32 OpenSSL.
http://www.slproweb.com/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
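
The case discussed in this thread (select() reports the socket readable, yet SSL_read() has no application data to return) as an added example; it is not code from any poster or from OpenSSL. It walks TLS 1.2-style cleartext record headers only, with hypothetical names and constructed sample bytes; it does not decrypt anything, and under TLS 1.3 every encrypted record carries the outer type application_data, so header inspection cannot separate the cases there.

```c
#include <stddef.h>
#include <stdint.h>

/* TLS record content types (RFC 5246, section 6.2.1). */
enum { TLS_CCS = 20, TLS_ALERT = 21, TLS_HANDSHAKE = 22, TLS_APPDATA = 23 };

struct rx_summary {
    size_t complete_records; /* whole records present in the buffer */
    size_t appdata_records;  /* of those, how many carry application data */
    size_t partial_bytes;    /* trailing bytes of a record still in flight */
    int malformed;           /* unknown type or length above the TLS 1.2 limit */
};

/* Walk the 5-byte record headers (type, version[2], length[2]) in buf. */
struct rx_summary summarize_tls_bytes(const uint8_t *buf, size_t len)
{
    struct rx_summary s = {0, 0, 0, 0};
    size_t off = 0;
    while (off < len) {
        size_t left = len - off;
        size_t body = left >= 5 ? (((size_t)buf[off + 3] << 8) | buf[off + 4]) : 0;
        if (left >= 5 && (buf[off] < TLS_CCS || buf[off] > TLS_APPDATA ||
                          body > 16384 + 2048)) {
            s.malformed = 1;
            break;
        }
        if (left < 5 || left - 5 < body) { /* header or body incomplete */
            s.partial_bytes = left;
            break;
        }
        s.complete_records++;
        s.appdata_records += (buf[off] == TLS_APPDATA);
        off += 5 + body;
    }
    return s;
}

/* select() reports readable as soon as len > 0; plaintext can only come out
 * once a whole application-data record has arrived. */
int readable_but_no_appdata(const uint8_t *buf, size_t len)
{
    struct rx_summary s = summarize_tls_bytes(buf, len);
    return len > 0 && !s.malformed && s.appdata_records == 0;
}

/* Constructed sample inputs (not captured traffic). */
static const uint8_t SAMPLE_ALERT[]   = {0x15, 0x03, 0x03, 0x00, 0x02, 0x01, 0x00};
static const uint8_t SAMPLE_PARTIAL[] = {0x17, 0x03, 0x03, 0x00, 0x20, 1, 2, 3, 4};
static const uint8_t SAMPLE_APPDATA[] = {0x17, 0x03, 0x03, 0x00, 0x03, 0xaa, 0xbb, 0xcc};
```

SAMPLE_ALERT and SAMPLE_PARTIAL both make a descriptor readable while leaving a blocking SSL_read() with nothing to hand back; only SAMPLE_APPDATA holds a complete application-data record.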