[openssl-dev] Check for heartbeat response without reading?

Judson Wilson wilson.judson at gmail.com
Sun Jan 24 23:56:15 UTC 2016


Is it possible to check for a heartbeat response without calling SSL_read?
I'm pretty sure the answer is no.

This is problematic for me. I'm trying to make a library layer on top of
OpenSSL that uses the heartbeat as an authenticated ack of earlier
messages, without changing the application layer above.

Doing a dummy SSL_read is problematic because it will fail (there is no
data), and the same parameters (buffer address and size) will need to be
repeated when a real SSL_read comes in. That's pretty messy. Future reads
will need to be done in two parts.

It would be nice if there were looser rules on ERROR_WANT_READ/WRITE.
Specifically, it would be nice to relax the requirement of using the same
parameters for the read/write operation. It seems like it should be OK if
you transplant the buffer, i.e. realloc, between calls. It also seems like
it should be OK to increase the size of the operation, but not decrease
it. I can see how this would be a problem if the innards are storing
buffer pointers between calls.