[issue21430] Document ssl.pending()

Steffen Ullrich report at bugs.python.org
Sat May 17 20:48:25 CEST 2014


Steffen Ullrich added the comment:

Data transport in SSL is not done with plain TCP, but with encoded frames inside TCP. To get decoded data one has to first receive the full frame, even if one is only interested in the first bytes. Example:
 - server does an SSL_write with 200 bytes. This will result in a frame which contain all the 200 bytes. 
 - if the client does a SSL_read (e.g. recv) to get 100 bytes the underlying SSL stack will read the full frame, but return only 100 bytes of the 200 bytes.
 - if the client then would call select to check if more data are available this would fail, because select checks the data on the socket only. But pending would return that there are still 100 bytes available for read in the SSL stack.

So to make use of select with SSL the application would have to check first with pending, if there are already buffered data, and only if there are no buffered data it should call select to check if there are data on the socket.

But, one could skip the call of pending if all SSL_read (recv) are at least 16k, because this is the maximum size of an SSL frame and SSL_read will not read more than one SSL frame at a time (actually I'm not sure if python calls only SSL_read once within recv, but I assume so).

You might have a look at the examples and documentation for non-blocking I/O for Perls  IO::Socket::SSL package (disclaimer: I'm the maintainer):  http://search.cpan.org/~sullr/IO-Socket-SSL-1.987/lib/IO/Socket/SSL.pm

----------
nosy: +noxxi

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue21430>
_______________________________________


More information about the Python-bugs-list mailing list