[openssl-users] Graceful shutdown of TLS connection for blocking sockets

Thomas J. Hruska shinelight at shininglightpro.com
Sun Oct 8 13:48:37 UTC 2017

On 10/8/2017 4:17 AM, Kyle Hamilton wrote:
> The way to handle this situation is simply to never enter SSL_read() if
> there isn't anything to read on the socket.  select() or pselect() are your
> friends, here, because they'll tell you if there's data to read from the
> underlying file descriptor.
> I hope this helps!
> -Kyle H

Since the OP is talking about blocking sockets, I'm going to reiterate 
something someone pointed out to me on this very list many years ago and 
save someone a LOT of headaches:

select() should NEVER, EVER be used for blocking sockets.

Just because select() returns any given descriptor doesn't mean that a 
call won't still block when working with blocking sockets.  select() is 
for non-blocking descriptors ONLY.  The amount of extra code involved 
for handling non-blocking sockets is actually quite minimal when a state 
engine is adopted.

I'd love to see select() implementations raise an exception and kill the 
whole application off when passing it a blocking descriptor.  Then we 
would discover how much broken software is floating around out there. 
Since I still see lots of recommendations for using select() with 
blocking descriptors and all of the official system-level documentation 
for select() is silent on this issue, I'm guessing a lot.

Thomas Hruska
Shining Light Productions

Home of BMP2AVI and Win32 OpenSSL.
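Added example, not part of the original message or of OpenSSL: a minimal C sketch of the non-blocking pattern the post recommends, where select() is treated only as a hint and the descriptor's O_NONBLOCK flag guarantees that read() returns EAGAIN instead of stalling. The helper names (`set_nonblocking`, `read_ready`, `demo`) and the socketpair test data are constructed for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Put fd in non-blocking mode; returns 0 on success, -1 on error. */
static int set_nonblocking(int fd)
{
    int fl = fcntl(fd, F_GETFL, 0);
    return fl < 0 ? -1 : fcntl(fd, F_SETFL, fl | O_NONBLOCK);
}

/* Wait up to timeout_ms for readability, then read until the kernel reports
 * EAGAIN. Returns bytes read (>0), 0 on timeout or spurious wakeup,
 * -1 on EOF, -2 on error. read() cannot stall because fd is non-blocking. */
static long read_ready(int fd, char *buf, size_t cap, int timeout_ms)
{
    fd_set rfds;
    struct timeval tv;
    size_t total = 0;

    tv.tv_sec = timeout_ms / 1000;
    tv.tv_usec = (timeout_ms % 1000) * 1000;
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    int r = select(fd + 1, &rfds, NULL, NULL, &tv);
    if (r < 0) return errno == EINTR ? 0 : -2;
    if (r == 0) return 0;                              /* timed out */
    while (total < cap) {
        ssize_t n = read(fd, buf + total, cap - total);
        if (n > 0) { total += (size_t)n; continue; }
        if (n == 0) return total ? (long)total : -1;   /* peer closed */
        if (errno == EINTR) continue;
        if (errno == EAGAIN || errno == EWOULDBLOCK) break;  /* drained */
        return -2;
    }
    return (long)total;
}

/* Constructed demo: 5 bytes arrive, then a second call finds nothing. */
static long demo(void)
{
    int sv[2];
    char buf[64];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -2;
    if (set_nonblocking(sv[0]) < 0 || write(sv[1], "hello", 5) != 5) return -2;
    long first = read_ready(sv[0], buf, sizeof buf, 100);
    long second = read_ready(sv[0], buf, sizeof buf, 50);  /* returns, no hang */
    close(sv[0]); close(sv[1]);
    return first == 5 ? second : -2;
}
```

With OpenSSL on a non-blocking socket, the corresponding signal is SSL_read() failing and SSL_get_error() returning SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, after which the caller goes back to select().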
