New SSL API mode 'SSL_MODE_AUTO_RETRY', which disables the default
authorBodo Möller <bodo@openssl.org>
Tue, 12 Sep 2000 20:28:30 +0000 (20:28 +0000)
committerBodo Möller <bodo@openssl.org>
Tue, 12 Sep 2000 20:28:30 +0000 (20:28 +0000)
behaviour that SSL_read may result in SSL_ERROR_WANT_READ.

CHANGES
ssl/s3_pkt.c
ssl/ssl.h

diff --git a/CHANGES b/CHANGES
index 7bb375d11747cb499c4cc54c68d61990acf76d26..2231003dcdeda2da8dc07224aae11e9c6cfe5a24 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,15 @@
 
  Changes between 0.9.5a and 0.9.6  [xx XXX 2000]
 
+  *) New SSL API mode 'SSL_MODE_AUTO_RETRY'.  This disables the default
+     behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if
+     the underlying transport is blocking) if a handshake took place.
+     (The default behaviour is needed by applications such as s_client
+     and s_server that use select() to determine when to use SSL_read;
+     but for applications that know in advance when to expect data, it
+     just makes things more complicated.)
+     [Bodo Moeller]
+
   *) Add RAND_egd_bytes(), which gives control over the number of bytes read
      from EGD.
      [Ben Laurie]
index e3d02e6007deb54f1935152b98af0e747d2f3e95..14140798539dfdea43b19bd1251e35bf0c5733e8 100644 (file)
@@ -899,19 +899,21 @@ start:
                                        return(-1);
                                        }
 
-                               if (s->s3->rbuf.left == 0) /* no read-ahead left? */
+                               if (!(s->mode & SSL_MODE_AUTO_RETRY))
                                        {
-                                       BIO *bio;
-                                       /* In the case where we try to read application data
-                                        * the first time, but we trigger an SSL handshake, we
-                                        * return -1 with the retry option set.  I do this
-                                        * otherwise renegotiation can cause nasty problems 
-                                        * in the blocking world */ /* ? */
-                                       s->rwstate=SSL_READING;
-                                       bio=SSL_get_rbio(s);
-                                       BIO_clear_retry_flags(bio);
-                                       BIO_set_retry_read(bio);
-                                       return(-1);
+                                       if (s->s3->rbuf.left == 0) /* no read-ahead left? */
+                                               {
+                                               BIO *bio;
+                                               /* In the case where we try to read application data,
+                                                * but we trigger an SSL handshake, we return -1 with
+                                                * the retry option set.  Otherwise renegotiation may
+                                                * cause nasty problems in the blocking world */
+                                               s->rwstate=SSL_READING;
+                                               bio=SSL_get_rbio(s);
+                                               BIO_clear_retry_flags(bio);
+                                               BIO_set_retry_read(bio);
+                                               return(-1);
+                                               }
                                        }
                                }
                        }
@@ -1022,19 +1024,21 @@ start:
                        return(-1);
                        }
 
-               if (s->s3->rbuf.left == 0) /* no read-ahead left? */
+               if (!(s->mode & SSL_MODE_AUTO_RETRY))
                        {
-                       BIO *bio;
-                       /* In the case where we try to read application data
-                        * the first time, but we trigger an SSL handshake, we
-                        * return -1 with the retry option set.  I do this
-                        * otherwise renegotiation can cause nasty problems 
-                        * in the blocking world */ /* ? */
-                       s->rwstate=SSL_READING;
-                       bio=SSL_get_rbio(s);
-                       BIO_clear_retry_flags(bio);
-                       BIO_set_retry_read(bio);
-                       return(-1);
+                       if (s->s3->rbuf.left == 0) /* no read-ahead left? */
+                               {
+                               BIO *bio;
+                               /* In the case where we try to read application data,
+                                * but we trigger an SSL handshake, we return -1 with
+                                * the retry option set.  Otherwise renegotiation may
+                                * cause nasty problems in the blocking world */
+                               s->rwstate=SSL_READING;
+                               bio=SSL_get_rbio(s);
+                               BIO_clear_retry_flags(bio);
+                               BIO_set_retry_read(bio);
+                               return(-1);
+                               }
                        }
                goto start;
                }
index f418b9921bfe8ee3c287f8e36cd36679c0ef2b96..6ffeca4d31273d77440f702e19a986ded3b58d94 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -335,6 +335,9 @@ typedef struct ssl_session_st
  * the misconception that non-blocking SSL_write() behaves like
  * non-blocking write(): */
 #define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
+/* Never bother the application with retries if the transport
+ * is blocking: */
+#define SSL_MODE_AUTO_RETRY 0x00000004L
 
 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
  * they cannot be used to clear bits. */