Clarify behaviour with respect to SSL/TLS records.

author Lutz Jänicke <jaenicke@openssl.org>

Sat, 12 May 2001 09:49:46 +0000 (09:49 +0000)

committer Lutz Jänicke <jaenicke@openssl.org>

Sat, 12 May 2001 09:49:46 +0000 (09:49 +0000)
author Lutz Jänicke <jaenicke@openssl.org>
Sat, 12 May 2001 09:49:46 +0000 (09:49 +0000)
committer Lutz Jänicke <jaenicke@openssl.org>
Sat, 12 May 2001 09:49:46 +0000 (09:49 +0000)
diff --git a/doc/ssl/SSL_read.pod b/doc/ssl/SSL_read.pod

index 7db5ee0a22ad0e81ff95f1dc722b4738b9092868..0db51452be9c51d0a21b60c0cfa390c1331fd446 100644 (file)
--- a/doc/ssl/SSL_read.pod
+++ b/doc/ssl/SSL_read.pod
@@ -31,6 +31,18 @@ L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
  must be used before the first call to an SSL_read() or
  L<SSL_write(3)|SSL_write(3)> function.
  
+SSL_read() works based on the SSL/TLS records. The data are received in
+records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a
+record has been completely received, it can be processed (decryption and
+check of integrity). Therefore data that was not retrieved at the last
+call of SSL_read() can still be buffered inside the SSL layer and will be
+retrieved on the next call to SSL_read(). If B<num> is higher than the
+number of bytes buffered, SSL_read() will return with the bytes buffered.
+If no more bytes are in the buffer, SSL_read() will trigger the processing
+of the next record. Only when the record has been received and processed
+completely, SSL_read() will return reporting success. At most the contents
+of the record will be returned.
+
  If the underlying BIO is B<blocking>, SSL_read() will only return, once the
  read operation has been finished or an error occurred, except when a
  renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur.
author	Lutz Jänicke <jaenicke@openssl.org>
	Sat, 12 May 2001 09:49:46 +0000 (09:49 +0000)
committer	Lutz Jänicke <jaenicke@openssl.org>
	Sat, 12 May 2001 09:49:46 +0000 (09:49 +0000)