On Thursday, May 23, 2024 9:56 AM, Wiebe Cazemier wrote:
>> From: "Neil Horman" <nhorman@xxxxxxxxxxx>
>> from:
>> https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_mode.html
>
>> SSL_MODE_AUTO_RETRY in non-blocking mode should cause
>> SSL_read/SSL_write to return -1 with an error code of
>> WANT_READ/WANT_WRITE until such time as the re-negotiation has
>> completed. I need to confirm that's the case in the code, but it seems
>> to be. If the underlying socket is in non-blocking mode, there should
>> be no way for calls to block in SSL_read/SSL_write on the socket
>> read/write system call.
>
>I still don't really see what the difference is between SSL_MODE_AUTO_RETRY on or
>off in non-blocking mode?
>
>The person at [1] seems to have had a similar issue, and was convinced clearing
>SSL_MODE_AUTO_RETRY fixed it. But I agree, I don't know how it could be.
>OpenSSL would have to remove the O_NONBLOCK, or do select/poll, and I can't
>find it doing that.
>
>I hope it happens again soon and I'm around to attach a debugger.

I may be incorrect here, but my interpretation is as follows:

SSL_MODE_AUTO_RETRY on - if there is a packet ready to read on the socket, the packet is retrieved. Same for write. If not ready, because EWOULDBLOCK, the operation is retried automatically by OpenSSL.

SSL_MODE_AUTO_RETRY off - if there is a packet ready to read on the socket, the packet is retrieved. Same for write. If not ready, the OpenSSL operation reports an error.

Randall