[openssl-users] Nonblocking IO: Kindly need your urgent authoritative confirmation that the OpenSSL API's SSL_read and SSL_write and select() must indeed be used together *exactly* like this, as to keep us all safe (from infinite loop & zombification bugs)!

Graham Leggett minfrin at sharp.fm
Tue Feb 24 15:18:20 UTC 2015


On 22 Feb 2015, at 11:22 PM, Tinker <tinkr at openmailbox.org> wrote:

> I need your authoritative answer on the following question.

[snip stuff that is too long]

You are totally overthinking this.

The SSL protocol involves negotiation, during which the sender and the receiver exchange data with each other. What this means is that during either SSL_read, or SSL_write, openssl might try to write or read respectively. If your non-blocking code isn’t geared to handle this, you might end up either hanging or spinning as you wait for the wrong event.

The SSL_WANTS_READ response code is a warning that means “I want to read during SSL_write, are you ok with me doing this?”.

The SSL_WANTS_WRITE response code is a warning that means “I want to write during SSL_read, are you ok with me doing this?”.

In both cases, once you have determined that it is ok to read, or ok to write, you simply retry SSL_write() or SSL_read() again.

For example, a read loop:

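sense = READ;
// wait for whichever event the previous SSL_read() asked for
while (sense == READ ? if_ready_to_read() : if_ready_to_write()) {
    rc = SSL_read(ssl, buf, sizeof(buf));
    // the WANT_* condition is reported by SSL_get_error(), not by rc itself
    if (rc <= 0 && SSL_get_error(ssl, rc) == SSL_ERROR_WANT_WRITE) {
        sense = WRITE;
    } else {
        sense = READ;
    }
    // do stuff with what you read (you may have read nothing, but that’s fine too)
}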

Regards,
Graham
—
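
The retry rule from the message above, as a stand-alone C model that waits in select() for whichever event the TLS layer requested and then repeats the same call. This is an added example, not part of the original post and not OpenSSL code: tls_retry, tls_op, fake_read and the TLS_* values are names assumed here, and op stands in for an SSL_read()/SSL_write() call followed by SSL_get_error().

```c
/* Added example (a model): op() stands in for SSL_read()/SSL_write() + SSL_get_error(). */
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>
enum tls_status { TLS_DONE, TLS_WANT_READ, TLS_WANT_WRITE, TLS_FATAL };
typedef enum tls_status (*tls_op)(void *conn, int *nbytes);

/* Wait (max 5 s) for the event the TLS layer asked for. */
static int wait_for(int fd, enum tls_status want) {
    struct timeval tv = { 5, 0 };
    fd_set set;
    FD_ZERO(&set); FD_SET(fd, &set);
    return want == TLS_WANT_READ ? select(fd + 1, &set, NULL, NULL, &tv)
                                 : select(fd + 1, NULL, &set, NULL, &tv);
}

/* Retry the same operation until it finishes. Returns the byte count, or
 * -1 on fatal error or timeout. waits[0] = read waits, waits[1] = write waits. */
int tls_retry(int fd, tls_op op, void *conn, int waits[2]) {
    int n = 0;
    for (;;) {
        enum tls_status st = op(conn, &n);
        if (st == TLS_DONE) return n;
        if (st == TLS_FATAL || wait_for(fd, st) <= 0) return -1;
        waits[st == TLS_WANT_WRITE]++;
    }
}

/* Constructed stand-in: wants to write, then to read, then yields 5 bytes. */
struct fake_tls { int step; };
enum tls_status fake_read(void *conn, int *nbytes) {
    static const enum tls_status script[] = { TLS_WANT_WRITE, TLS_WANT_READ, TLS_DONE };
    struct fake_tls *t = conn;
    enum tls_status st = script[t->step < 2 ? t->step++ : 2];
    if (st == TLS_DONE) *nbytes = 5;
    return st;
}

/* Drive fake_read() over a socketpair; 0 means both waits happened once. */
int demo(void) {
    int sv[2], waits[2] = { 0, 0 };
    struct fake_tls t = { 0 };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    if (write(sv[1], "x", 1) != 1) return -1; /* makes sv[0] readable */
    int n = tls_retry(sv[0], fake_read, &t, waits);
    close(sv[0]); close(sv[1]);
    return (n == 5 && waits[0] == 1 && waits[1] == 1) ? 0 : -1;
}
int main(void) { return demo(); }
```

The 5-second timeout in wait_for() is a choice of this example; it turns a peer that never answers into an error return instead of an indefinite wait.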


