[openssl-users] Graceful shutdown of TLS connection for blocking sockets
Thomas J. Hruska
shinelight at shininglightpro.com
Sun Oct 8 13:48:37 UTC 2017
On 10/8/2017 4:17 AM, Kyle Hamilton wrote:
> The way to handle this situation is simply to never enter SSL_read() if
> there isn't anything to read on the socket. select() or pselect() are your
> friends, here, because they'll tell you if there's data to read from the
> underlying file descriptor.
> I hope this helps!
> -Kyle H
Since the OP is talking about blocking sockets, I'm going to reiterate
something someone pointed out to me on this very list many years ago and
save someone a LOT of headaches:
select() should NEVER, EVER be used for blocking sockets.
Just because select() returns any given descriptor doesn't mean that a
call won't still block when working with blocking sockets. select() is
for non-blocking descriptors ONLY. The amount of extra code involved
for handling non-blocking sockets is actually quite minimal when a state
engine is adopted.
I'd love to see select() implementations raise an exception and kill the
whole application off when passing it a blocking descriptor. Then we
would discover how much broken software is floating around out there.
Since I still see lots of recommendations for using select() with
blocking descriptors and all of the official system-level documentation
for select() is silent on this issue, I'm guessing a lot.
Shining Light Productions
Home of BMP2AVI and Win32 OpenSSL.
More information about the openssl-users