[openssl-users] Graceful shutdown of TLS connection for blocking sockets

Michel michel.sales at free.fr
Mon Oct 9 15:45:19 UTC 2017

Hi Thomas,

As mentioned previously, I do NOT "want to block" or "hack" with OpenSSL
state machine. 
And again, I agree with you that non-blocking socket programming is best and
more flexible.

I just wanted to understand your point and it is now clear for me since I
read the BUGS section of http://man7.org/linux/man-pages/man2/select.2.html.
Thanks for this, I was not aware of that, I learned something today.

However I don't think this is a "common misunderstanding of select()" as it
is a *BUG* [hopefully] of only select() under linux.
Not a design implementation of *select() and friends* (pselect, poll, epoll,
...) on every other systems.
And on this matter, I don't believe that code relying on interface
documentation is *bad code* by nature, and - IMHO - a bug should be fixed
rather than killing everything around (kind of terrorism programming ? ;-).

Anyway, thanks to have shared your opinion and advices with me.



-----Message d'origine-----
De : openssl-users [mailto:openssl-users-bounces at openssl.org] De la part de
Thomas J. Hruska
Envoyé : lundi 9 octobre 2017 15:32
À : openssl-users at openssl.org
Objet : Re: [openssl-users] Graceful shutdown of TLS connection for blocking

On 10/9/2017 1:32 AM, Michel wrote:
>> With blocking sockets, you just loop back around and repeat the same 
>> call
> if either of those messages are returned by SSL_get_error(). No 
> select() required.
> Yes, you have to repeat the same call, but select() is still usefull, 
> especially with blocking sockets.

And leads to incorrect code and weird blocking scenarios.  Been there, done
that.  You're using select() wrong.  If you want to block, then block and
don't try to hack around it.  Otherwise use non-blocking.

This common misunderstanding of select() is precisely why calling it with a
blocking descriptor should trigger an exception that kills the application.
Doing so would bring a quick end to a lot of bad code.

Thomas Hruska
Shining Light Productions

Home of BMP2AVI and Win32 OpenSSL.
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

More information about the openssl-users mailing list