SSL_peek() removes the session ticket from the underlying BIO ??
Matt Caswell
matt at openssl.org
Thu May 2 07:03:41 UTC 2024
On 02/05/2024 06:19, Rahul Shukla wrote:
> Hi All,
> As per the OpenSSL doc :
> /
> /
> /"SSL_peek_ex() and SSL_peek() are identical to SSL_read_ex() and
> SSL_read() respectively except no bytes are actually removed from the
> underlying BIO during the read, so that a subsequent call to
> SSL_read_ex() or SSL_read() will yield at least the same bytes."/
>
> *I have a quick question here, Does SSL_peek() remove the session ticket
> (Non application data) from the underlying BIO or will it remain there
> just like application data until unless SSL_read() is called to read the
> session ticket. *
It depends.
OpenSSL has an internal buffer of application data that has already been
processed and is available for immediate read. If that buffer has data
in it then a call to SSL_peek() (or in fact SSL_read()) will return that
data and will not attempt to process any further incoming records.
If the buffer is empty then it will attempt to process further records
in order to put more data into that buffer. In doing that if it
encounters any non-application data records (such as a session ticket)
then it will process those records in the same way as SSL_read() would
have done.
Matt
More information about the openssl-users
mailing list