[Cryptography-dev] pyOpenSSL: non-blocking socket support
Nikolaus Rath
Nikolaus at rath.org
Tue Jun 28 18:46:08 EDT 2016
On Jun 28 2016, Cory Benfield <cory-4cWZ1Abt8O3QXOPxS62xeg at public.gmane.org> wrote:
>> On 28 Jun 2016, at 17:50, Nikolaus Rath <Nikolaus-BTH8mxji4b0 at public.gmane.org> wrote:
>>
>> Hum. When using BIOs, does this mean that I can safely refill/read-out
>> the BIO when getting SSLWantRead/SSLWantRead and then call the SSL
>> function again, or do I need to keep track of the detailed io state
>> again?
>>
>> Best,
>> -Nikolaus
>
> If you get SSLWantRead it’s a signal that you’re waiting for more data
> from the socket: you shouldn’t expect to see SSLWantWrite in regular
> use with a BIO.
What happens if the data that OpenSSL wants to send doesn't fit in the
provided BIO? Shouldn't that raise SSLWantWrite?
> You shove application data in: if you get no error,
> you write out as much as you can from the BIO.
...but that may not be enough.
> If you get WantRead, you make sure you go back to the socket because
> you need some data from it.
That's the behavior that I would expect, yes. It is also what I would
expect to be the right method when using ssl (or PyOpenSSL) with
non-blocking sockets. But in the latter cases is actually insufficient,
so I've grown cautious.
Best,
-Nikolaus
--
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F
»Time flies like an arrow, fruit flies like a Banana.«
More information about the Cryptography-dev
mailing list