Question about SSL_ERROR_WANT_WRITE

Cosmin Apreutesei cosmin.apreutesei at gmail.com
Thu Dec 10 15:14:00 UTC 2020


Hello,

I have a question regarding SSL_write() and returning SSL_ERROR_WANT_WRITE
from the write callback.

_After_ SSL_write() returns with SSL_ERROR_WANT_WRITE (because my write
callback returned  SSL_ERROR_WANT_WRITE), can I _then_ send the data given
to the calback and then call SSL_write() again (with the same arguments)
and then in the second call to the callback return the number of bytes
written? Is that a supported use of the API? (I'm asking because that's the
only way I can use the API, I can't send the data inside the callback, I
need to send it outside the callback, see below for why).

In other words, is it guaranteed that on that second call to  SSL_write(),
SSL will want to send the exact same data that it tried before when it
failed, and not change its mind about it wants to send? Because
technically, since SSL_ERROR_WANT_WRITE implies that "no data was sent",
the state machine might as well advance and send something different at a
later time (because it received data or something inside expired or
whatever).

----

Why I need this: I'm using IOCP and LuaJIT which means I have two
limitations:

1) Because I'm using a completion API as opposed to a readiness API, I
can't just tell OpenSSL when the socket is writable and let it write to it,
I need to write the data myself.

2) because LuaJIT doesn't allow me to yield from inside a C callback, I
can't do async I/O inside the callback, I can only do it in between calls
to SSL_read()/SSL_write().

Any suggestions appreciated, thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20201210/1a36155d/attachment.html>


More information about the openssl-users mailing list