On Wed, May 25, 2005 at 09:43:00AM +0100, Philip Hazel wrote:
> On Wed, 25 May 2005, Ian FREISLICH wrote:
>
> > If the underlying BIO is non-blocking, SSL_write() will also return,
> > when the underlying BIO could not satisfy the needs of SSL_write() to
> > continue the operation. In this case a call to SSL_get_error(3) with
> > the return value of SSL_write() will yield SSL_ERROR_WANT_READ or
> > SSL_ERROR_WANT_WRITE. As at any time a re-negotiation is possible, a
> > call to SSL_write() can also cause read operations! The calling process
> > then must repeat the call after taking appropriate action to satisfy
> > the needs of SSL_write(). The action depends on the underlying BIO.
> > When using a non-blocking socket, nothing is to be done, but select()
> > can be used to check for the required condition. When using a buffering
> > BIO, like a BIO pair, data must be written into or retrieved out of the
> > BIO before being able to continue.
>
> Fascinating, but I'm afraid that's all completely over my head! I'm
> really not good at the SSL stuff, and remember, Exim supports GnuTLS as
> well as OpenSSL. What is currently there seems to work, and as I have
> far too much other stuff to do, my judgement at the moment is to leave
> well alone.

It's nasty, because it can make a select loop much more
tangled. One alternative would be to fork a process to
proxy between SSL and non-SSL connections, though this has
its own disadvantages.
--
``Saying that road tax should be spent on transport is like
saying that alcohol duty should be spent on pubs.'' (seen on the internet)
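
The behaviour quoted from the SSL_write() manual page above, as an added example that is not part of the original thread: Python's ssl module wraps the same OpenSSL calls, and its MemoryBIO objects stand in for the "buffering BIO, like a BIO pair" case. The hostname and the SMTP line are constructed placeholders, and no network connection is made.

```python
import ssl

def try_write(tls, data):
    """Make one SSL_write() attempt and report what the caller must do next."""
    try:
        return ("ok", tls.write(data))
    except ssl.SSLWantReadError:
        # SSL_ERROR_WANT_READ: a *write* call needs bytes from the peer first
        # (handshake or re-negotiation traffic), so wait for readability.
        return ("want_read", 0)
    except ssl.SSLWantWriteError:
        # SSL_ERROR_WANT_WRITE: the output side is full, wait for writability.
        return ("want_write", 0)

def demo():
    incoming = ssl.MemoryBIO()  # bytes from the network go in here
    outgoing = ssl.MemoryBIO()  # bytes destined for the network come out here
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Placeholder hostname (assumption); nothing is ever connected.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="mail.example.invalid")

    line = b"EHLO client.example.invalid\r\n"  # constructed application data

    # First attempt: the handshake has not happened yet, so the write
    # produces a ClientHello in the outgoing BIO and then asks to read.
    first = try_write(tls, line)

    # Buffering-BIO case: the caller must retrieve the pending bytes and
    # send them to the peer itself before anything can progress.
    flight = outgoing.read()

    # Repeating the call with the same data before the peer's reply has
    # been fed into `incoming` changes nothing: it still wants to read.
    second = try_write(tls, line)

    return first, flight, second, outgoing.pending

if __name__ == "__main__":
    first, flight, second, pending = demo()
    print("first attempt :", first)
    print("bytes to send :", len(flight), "record type", hex(flight[0]))
    print("second attempt:", second, "new output:", pending)
```

With a non-blocking socket in place of the memory BIOs, the same two results map directly onto the read and write sets passed to select() before the call is repeated.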