[openssl-users] SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE

[Graham Leggett]

On 21 Feb 2015, at 12:58 PM, Serj Rakitov <rasjv at yandex.com> wrote:

> I set socket to non-blocking mode.
> 
> 1. If I do SSL_read() and get result <=0 and then SSL_get_error() returns SSL_ERROR_WANT_WRITE what must I to do?
> Is it enough to call SSL_write(ssl,0,0) one time and then again call SSL_read() untill it successed. Is this right?
> 
> 
> 2.  If I do SSL_write() and get result <=0 and then SSL_get_error() returns SSL_ERROR_WANT_READ what must I to do?
> If I must read some data can it be application data or no? So, if I call SSL_read(ssl,buf,buf_size) must I waiting in buf some application data or never?
> And after I did SSL_read(ssl,buf,buf_size) then I must again call SSL_write() untill it returns with success?
> 
> 
> 3. Can be this situation: SSL_write() returns <=0 and then SSL_get_error() returns SSL_ERROR_WANT_WRITE?
> What to do in this case for non-blocking socket?

In both cases you return back to your poll and ask the OS to wait for the event that openssl asked for. If openssl asked for read, you poll until the socket is readable. If openssl asked for a write, you poll until the socket is writable.

When you get the event you asked for, you just run whatever you were running again. For example, if you were running SSL_read, run SSL_read again. If you were running SSL_write, run SSL write again.

So to write it out:

- Call SSL_read(), it returns SSL_ERROR_WANT_WRITE
- Poll for the socket being writable.
- It’s writable! call SSL_read() again. it might return SSL_ERROR_WANT_READ
- Poll for the socket being readable.
- It’s readable! Call SSL_read() again, and so on.

If openssl wants read, poll for read. If openssl wants write, poll for write. Don’t arbitrarily swap round SSL_read and SSL_write, those two calls are what *you* want to do, not what openssl wants to do.

Regards,
Graham
—