On Thu, Jan 24, 2019 at 11:09:40PM +0700, Arran Cudbard-Bell wrote: > We could use this to determine what SSL_ERROR_WANT_READ is indicating. As it seems SSL_ERROR_WANT_READ could indicate two conditions in this scenario: > > 1) No pending bytes - Additional handshake messages were processed, there's an expectation of additional application_data, but no hint that more application_data will be forthcoming. > 2) Pending bytes - There is an incomplete record that needs processing. Additional data should be fed into the BIO. If you call SSL_read() and you get SSL_ERROR_WANT_READ it means we can't return any application data at this time. Try again later. With SSL_MODE_AUTO_RETRY off, it could be that calling it directly again can now return application data. If it's on, it means it wasn't available yet and you need to wait for it to arrive. If you use an fd BIO and select(), SSL_ERROR_WANT_READ just means you should wait with select() for more data. Kurt -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
