SSL_peek() removes the session ticket from the underlying BIO ??

Matt Caswell matt at openssl.org
Thu May 2 07:03:41 UTC 2024



On 02/05/2024 06:19, Rahul Shukla wrote:
> Hi All,
> As per the OpenSSL doc :
> /
> /
> /"SSL_peek_ex() and SSL_peek() are identical to SSL_read_ex() and 
> SSL_read() respectively except no bytes are actually removed from the 
> underlying BIO during the read, so that a subsequent call to 
> SSL_read_ex() or SSL_read() will yield at least the same bytes."/
> 
> *I have a quick question here, Does SSL_peek() remove the session ticket 
> (Non application data) from the underlying BIO or will it remain there 
> just like application data until unless SSL_read() is called to read the 
> session ticket. *


It depends.

OpenSSL has an internal buffer of application data that has already been 
processed and is available for immediate read. If that buffer has data 
in it then a call to SSL_peek() (or in fact SSL_read()) will return that 
data and will not attempt to process any further incoming records.

If the buffer is empty then it will attempt to process further records 
in order to put more data into that buffer. In doing that if it 
encounters any non-application data records (such as a session ticket) 
then it will process those records in the same way as SSL_read() would 
have done.

Matt


More information about the openssl-users mailing list