Hi,
I did encounter a situation which I think could be better handled by openssl lib. In my system, when working under heavy load, sometimes while calling SSL_Write, it will return SSL_ERROR_SYSCALL, which we treated as an error and aborted the operation. Next time, when we wanted to send a new packet, passing a new buffer with a different length to the SSL_Write function, it returns the error SSL_ERROR_SSL with the following details:
140701061253440:error:1409F07F:SSL routines:ssl3_write_pending:bad write retry:s3_pkt.c:1097
140701061253440:error:1409F07F:SSL routines:ssl3_write_pending:bad write retry:s3_pkt.c:1097
Meaning that SSL_Write was actually expecting us to call it again with the same buffer and length that was used when it returned SSL_ERROR_SYSCALL.
It turns out that when SSL_Write returned SSL_ERROR_SYSCALL, errno value was set to 11 (EAGAIN or EWOULDBLOCK), so I figured out that, although openssl didn't explicitly indicate us to try again, the underling socket did, therefore I started to handle this specific scenario the same way I would if SSL_Write would have returned SSL_ERROR_WANT_WRITE, and it worked.
My question is: Is it ok to trust the errno in this scenario? Can I handle it that way I handled?
And two: If Openssl is expecting us to retry the SSL_Write call, it should have returned SSL_ERROR_WANT_WRITE, like it does for all other scenarios. So, maybe it is something to be improved for a future release.
This issue happened in the following versions: 0.9.8zb and 1.0.2e
Thanks,
Camiel
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
