No data available to red after SSL_ERROR_WANT_READ error.

Matt Caswell matt at openssl.org
Thu May 9 07:49:30 UTC 2024 


On 08/05/2024 18:15, Rahul Shukla wrote:
> The issue I'm encountering here occurs after the first SSL_read() call 
> in myread(). Despite encountering SSL_ERROR_WANT_READ, upon checking for 
> available data using isReadable(),there appears to be no activity or 
> pending data. This inconsistency occurs intermittently, with the socket 
> sometimes taking up to 3 seconds to become readable, while at other 
> times, data becomes immediately accessible.
> 
> I'm curious as to why this discrepancy is occurring.

So, IIUC, you have a blocking socket but SSL_MODE_AUTO_RETRY is off.

When turned on that option means that if during an SSL_read() or similar 
call OpenSSL encounters a record that does not contain application data 
then it will automatically keep retrying the read until application data 
has been read. If no app data is available then it will block until it 
is (since you are using a blocking socket).

Since you have turned the option off any SSL_read() call that encounters 
a non-application data record will return immediately and indicate 
SSL_ERROR_WANT_READ. This means OpenSSL tried to read application data 
but failed to get any (because it hit a non-app data record instead). It 
tells you nothing about the state of the underlying socket and whether 
application data is available there or not.

It would be quite normal for you to get SSL_ERROR_WANT_READ and there 
not to be any app data available yet - either because the peer hasn't 
sent any yet, or because it is still in flight over the network.

Matt



> Could it be that 
> the processing of data and its availability in the buffer is causing 
> delays or something is missing in code? Any insights or assistance on 
> resolving this matter would be immensely helpful and appreciated.
> 
> int isReadable(int timeout)
> 
> {
> 
>                  …..
> 
>                  if( (poll (&fds, fds_count, timeout) > 0)  && 
> (fds.revents & POLLIN)) ||
> 
>                                  (SSL_pending(ssl) > 0))
> 
>                  {
> 
>                                  return 1;
> 
>                  }
> 
>                  return 0;
> 
> }
> 
> int myread (int length)
> 
> {
> 
>                  int ret = 0;
> 
>                  if( isReadable(5) )
> 
>                  {
> 
> ret = SSL_read(ssl, buffer, length);
> 
>                  }
> 
>                  while(ret == -1)
> 
>                  {
> 
>                                  int errorCode = SSL_get_error(ssl, ret);
> 
>                                  if( errorCode == SSL_ERROR_WANT_READ)
> 
>                                  {
> 
> if( isReadable(5) )
> 
>                                                  {
> 
> ret = SSL_read(ssl, buffer, length);
> 
>                                                  }
> 
>                                                  Else
> 
>                                                  {
> 
>                                                                  ret 0;
> 
>                                                  }
> 
>                                  }
> 
>                                  ….
> 
>                  }
> 
> }
> 
> --Rahul
>

More information about the openssl-users mailing list