boringssl

History

Adam Langley ec48af40a7 Make SSL_MODE_AUTO_RETRY the default. Without SSL_MODE_AUTO_RETRY, even blocking mode will return SSL_ERROR_WANT_{READ\|WRITE} in the event of a renegotiation. The comments in the code speak only of "nasty problems" unless this is done. The original commit that added SSL_MODE_AUTO_RETRY (54f10e6adce56eb2e59936e32216162aadc5d050) gives a little more detail: The [...] behaviour is needed by applications such as s_client and s_server that use select() to determine when to use SSL_read. Without the -nbio flag, s_client will use select() to find when the socket is readable and then call SSL_read with a blocking socket. However, this will still block in the event of an incomplete record, so the delay is already unbounded. This it's very unclear what the point of this behaviour ever was. Perhaps if the read and write paths were different sockets where the read socket was non-blocking but the write socket was blocking. But that seems like an implausible situation to worry too much about. Change-Id: I9d9f2526afc2e0fd0e5440e9a047f419a2d61afa Reviewed-on: https://boringssl-review.googlesource.com/2140 Reviewed-by: Adam Langley <agl@google.com>	2014-11-04 01:25:22 +00:00
..
openssl	Make SSL_MODE_AUTO_RETRY the default.	2014-11-04 01:25:22 +00:00

Adam Langley ec48af40a7 Make SSL_MODE_AUTO_RETRY the default.

Without SSL_MODE_AUTO_RETRY, even blocking mode will return
SSL_ERROR_WANT_{READ|WRITE} in the event of a renegotiation.

The comments in the code speak only of "nasty problems" unless this is
done. The original commit that added SSL_MODE_AUTO_RETRY
(54f10e6adce56eb2e59936e32216162aadc5d050) gives a little more detail:

    The [...] behaviour is needed by applications such as s_client and
    s_server that use select() to determine when to use SSL_read.

Without the -nbio flag, s_client will use select() to find when the
socket is readable and then call SSL_read with a blocking socket.
However, this will still block in the event of an incomplete record, so
the delay is already unbounded. This it's very unclear what the point of
this behaviour ever was.

Perhaps if the read and write paths were different sockets where the
read socket was non-blocking but the write socket was blocking. But that
seems like an implausible situation to worry too much about.

Change-Id: I9d9f2526afc2e0fd0e5440e9a047f419a2d61afa
Reviewed-on: https://boringssl-review.googlesource.com/2140
Reviewed-by: Adam Langley <agl@google.com>

2014-11-04 01:25:22 +00:00

openssl

Make SSL_MODE_AUTO_RETRY the default.

2014-11-04 01:25:22 +00:00