<div dir="ltr">I did find a very good explanation here: <a href="https://mta.openssl.org/pipermail/openssl-users/2015-March/000709.html">https://mta.openssl.org/pipermail/openssl-users/2015-March/000709.html</a><div><br></div><div>The idea of "what SSL wants" and "what the app wants" is a very good explanation. This is the pseudocode I'm working with currently:</div><div><br></div><div><div> io_callback(events) {</div><div> if (messages_to_send && (events & OS_WRITABLE)) {</div><div> SSL_write(.....);</div><div> if (error) {</div><div> if (error_is_want_read) {</div><div> system_poll &= OS_READABLE;</div><div> } else if (error_is_want_write) {</div><div> system_poll &= OS_WRITABLE;</div><div> }</div><div> update_os_poll(system_poll);</div><div> return;</div><div> } else {</div><div> // emit send success to app</div><div> }</div><div> } else if (app_wants_data && (events & OS_READABLE)) {</div><div> SSL_read(.....);</div><div> if (error) {</div><div> if (error_is_want_read) {</div><div> system_poll &= OS_READABLE;</div><div> } else if (error_is_want_write) {</div><div> system_poll &= OS_WRITABLE;</div><div> }</div><div> update_os_poll(system_poll);</div><div> return;</div><div> } else {</div><div> // emit the data to app</div><div> }</div><div> }</div><div> }</div></div><div><br></div><div>This code is probably not 100% correct, but should show my design pretty clear. One needs to do what YOU want, combined with what SSL wants.</div><div><br></div><div>However, question still remains - it is ALLOWED to perform SSL_read before SSL_write, when a previous call to SSL_write failed with WANT_READ?</div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-09-15 7:01 GMT+02:00 Viktor Dukhovni <span dir="ltr"><<a href="mailto:openssl-users@dukhovni.org" target="_blank">openssl-users@dukhovni.org</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Thu, Sep 15, 2016 at 05:07:22AM +0200, Alex Hultman wrote:<br>
<br>
> If SSL_write returns the error SSL_ERROR_WANT_READ, am I then allowed to<br>
> call SSL_read before I have called SSL_write?<br>
<br>
</span>WANT_READ means that OpenSSL *internally* needs to read some (often<br>
ciphertext) bytes from the peer, and that since the socket is<br>
non-blocking or you're using BIO_pairs, ... the application must<br>
wait for data to arrive (poll(), select(), ...) and then retry<br>
the call once the socket becomes readable.<br>
<br>
It is not an invitation to read *application* layer data, which<br>
would typically also fail for lack anything to read at that<br>
moment.<br>
<br>
* WANT_READ -- Select the socket for read, and retry<br>
the original function (hanshake, read or write) once<br>
the socket is readable.<br>
<br>
* WANT_READ -- Select the socket for write, and retry<br>
the original function (hanshake, read or write) once<br>
the socket becomes writable.<br>
<br>
Again, these are not a request for the application to *consume*<br>
data, rather the application needs to retry once the socket is<br>
ready for the requested operation. OpenSSL will internally<br>
read or write to the socket.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Viktor.<br>
--<br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/<wbr>mailman/listinfo/openssl-users</a><br>
</font></span></blockquote></div><br></div>