I know that SSLread will get SSLWANTREAD again if it was blocked for SSLERRORWANTREAD. How about SSLwrite if SSLread was blocked? My program's connection is a long-lived one, and I'd like to write data to the SSL instance although it was blocked in SSLread, so the throughput won't decrease. – Choes Jun 21 '16 at 1:37. If necessary, SSLread will negotiate a TLS/SSL session, if not already explicitly performed by sslconnect(3) or sslaccept(3). If the peer requests a re-negotiation, it will be performed transparently during the SSLread operation. The behaviour of SSLread depends on the underlying BIO.
- Ssl Read: Errno -5961 (pr_connect_reset_error)
- Ssl_read Ssl_error_syscall
- Ssl_read Failed
- Ssl Read: Errno -5961
#include int
SSL_read(SSL *ssl, void *buf, int num);
SSL_read(SSL *ssl, void *buf, int num);
SSL_read() tries to read num bytes from the specified ssl into the buffer buf.
If necessary, SSL_read() will negotiate a TLS/SSL session, if not already explicitly performed by SSL_connect(3) or SSL_accept(3). If the peer requests a re-negotiation, it will be performed transparently during the SSL_read() operation. The behaviour of SSL_read() depends on the underlying BIO.For the transparent negotiation to succeed, the ssl must have been initialized to client or server mode. This is being done by calling SSL_set_connect_state(3) or SSL_set_accept_state(3) before the first call to SSL_read() or SSL_write(3).SSL_read() works based on the SSL/TLS records. The data are received in records (with a maximum record size of 16kB for SSLv3/TLSv1). Only after a record has been completely received can it be processed (decrypted and checked for integrity). Therefore data not retrieved at the last call of SSL_read() can still be buffered inside the SSL layer and will be retrieved on the next call to SSL_read(). If num is higher than the number of bytes buffered, SSL_read() will return with the bytes buffered. If no more bytes are in the buffer, SSL_read() will trigger the processing of the next record. Only when the record has been received and processed completely will SSL_read() return reporting success. At most the contents of the record will be returned. As the size of an SSL/TLS record may exceed the maximum packet size of the underlying transport (e.g., TCP), it may be necessary to read several packets from the transport layer before the record is complete and SSL_read() can succeed.If the underlying BIO is blocking, SSL_read() will only return once the read operation has been finished or an error has occurred, except when a renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur. This behavior can be controlled with the SSL_MODE_AUTO_RETRY flag of the SSL_CTX_set_mode(3) call.If the underlying BIO is non-blocking, SSL_read() will also return when the underlying BIO could not satisfy the needs of SSL_read() to continue the operation. In this case a call to SSL_get_error(3) with the return value of SSL_read() will yield SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. As at any time a re-negotiation is possible, a call to SSL_read() can also cause write operations! The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_read(). The action depends on the underlying BIO. When using a non-blocking socket, nothing is to be done, but select(2) can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue.SSL_pending(3) can be used to find out whether there are buffered bytes available for immediate retrieval. In this case SSL_read() can be called without blocking or actually receiving new data from the underlying socket.
When an SSL_read() operation has to be repeated because of SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, it must be repeated with the same arguments.
The following return values can occur:
- >0
- The read operation was successful; the return value is the number of bytes actually read from the TLS/SSL connection.
- 0
- The read operation was not successful. The reason may either be a clean shutdown due to a 'close notify' alert sent by the peer (in which case the SSL_RECEIVED_SHUTDOWN flag in the ssl shutdown state is set (see SSL_shutdown(3) and SSL_set_shutdown(3)). It is also possible that the peer simply shut down the underlying transport and the shutdown is incomplete. Call SSL_get_error() with the return value to find out whether an error occurred or the connection was shut down cleanly (SSL_ERROR_ZERO_RETURN).SSLv2 (deprecated) does not support a shutdown alert protocol, so it can only be detected whether the underlying connection was closed. It cannot be checked whether the closure was initiated by the peer or by something else.
- <0
- The read operation was not successful, because either an error occurred or action must be taken by the calling process. Call SSL_get_error() with the return value to find out the reason.
bio(3), ssl(3), SSL_accept(3), SSL_connect(3), SSL_CTX_new(3), SSL_CTX_set_mode(3), SSL_get_error(3), SSL_pending(3), SSL_set_connect_state(3), SSL_set_shutdown(3), SSL_shutdown(3), SSL_write(3)
| SSL_CTX_SET_READ_AHEAD(3) | OpenSSL | SSL_CTX_SET_READ_AHEAD(3) |
SSL_CTX_set_read_ahead, SSL_CTX_get_read_ahead, SSL_set_read_ahead, SSL_get_read_ahead, SSL_CTX_get_default_read_ahead - manage whether to read as many input bytes as possible SSL_CTX_set_read_ahead()
and SSL_set_read_ahead() set whether we should read as many input bytes as possible (for nonblocking reads) or not. For example if x bytes are currently required by OpenSSL, but y bytes are available from the underlying BIO (where y > x), then OpenSSL will read all y bytes into its buffer (providing that the buffer is large enough) if reading ahead is on, or x bytes otherwise. Setting the parameter yes
Ssl Read: Errno -5961 (pr_connect_reset_error)
to 0 turns reading ahead is off, other values turn it on.
SSL_CTX_set_default_read_ahead() is identical to SSL_CTX_set_read_ahead().
SSL_CTX_get_read_ahead() and SSL_get_read_ahead() indicate whether reading ahead has been set or not. SSL_CTX_get_default_read_ahead() is identical to SSL_CTX_get_read_ahead(). Monster hunter world discord.
I know that SSLread will get SSLWANTREAD again if it was blocked for SSLERRORWANTREAD. How about SSLwrite if SSLread was blocked? My program's connection is a long-lived one, and I'd like to write data to the SSL instance although it was blocked in SSLread, so the throughput won't decrease. – Choes Jun 21 '16 at 1:37. If necessary, SSLread will negotiate a TLS/SSL session, if not already explicitly performed by sslconnect(3) or sslaccept(3). If the peer requests a re-negotiation, it will be performed transparently during the SSLread operation. The behaviour of SSLread depends on the underlying BIO.
- Ssl Read: Errno -5961 (pr_connect_reset_error)
- Ssl_read Ssl_error_syscall
- Ssl_read Failed
- Ssl Read: Errno -5961
#include int
SSL_read(SSL *ssl, void *buf, int num);
SSL_read(SSL *ssl, void *buf, int num);
SSL_read() tries to read num bytes from the specified ssl into the buffer buf.
If necessary, SSL_read() will negotiate a TLS/SSL session, if not already explicitly performed by SSL_connect(3) or SSL_accept(3). If the peer requests a re-negotiation, it will be performed transparently during the SSL_read() operation. The behaviour of SSL_read() depends on the underlying BIO.For the transparent negotiation to succeed, the ssl must have been initialized to client or server mode. This is being done by calling SSL_set_connect_state(3) or SSL_set_accept_state(3) before the first call to SSL_read() or SSL_write(3).SSL_read() works based on the SSL/TLS records. The data are received in records (with a maximum record size of 16kB for SSLv3/TLSv1). Only after a record has been completely received can it be processed (decrypted and checked for integrity). Therefore data not retrieved at the last call of SSL_read() can still be buffered inside the SSL layer and will be retrieved on the next call to SSL_read(). If num is higher than the number of bytes buffered, SSL_read() will return with the bytes buffered. If no more bytes are in the buffer, SSL_read() will trigger the processing of the next record. Only when the record has been received and processed completely will SSL_read() return reporting success. At most the contents of the record will be returned. As the size of an SSL/TLS record may exceed the maximum packet size of the underlying transport (e.g., TCP), it may be necessary to read several packets from the transport layer before the record is complete and SSL_read() can succeed.If the underlying BIO is blocking, SSL_read() will only return once the read operation has been finished or an error has occurred, except when a renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur. This behavior can be controlled with the SSL_MODE_AUTO_RETRY flag of the SSL_CTX_set_mode(3) call.If the underlying BIO is non-blocking, SSL_read() will also return when the underlying BIO could not satisfy the needs of SSL_read() to continue the operation. In this case a call to SSL_get_error(3) with the return value of SSL_read() will yield SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. As at any time a re-negotiation is possible, a call to SSL_read() can also cause write operations! The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_read(). The action depends on the underlying BIO. When using a non-blocking socket, nothing is to be done, but select(2) can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue.SSL_pending(3) can be used to find out whether there are buffered bytes available for immediate retrieval. In this case SSL_read() can be called without blocking or actually receiving new data from the underlying socket.
When an SSL_read() operation has to be repeated because of SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, it must be repeated with the same arguments.
The following return values can occur:
- >0
- The read operation was successful; the return value is the number of bytes actually read from the TLS/SSL connection.
- 0
- The read operation was not successful. The reason may either be a clean shutdown due to a 'close notify' alert sent by the peer (in which case the SSL_RECEIVED_SHUTDOWN flag in the ssl shutdown state is set (see SSL_shutdown(3) and SSL_set_shutdown(3)). It is also possible that the peer simply shut down the underlying transport and the shutdown is incomplete. Call SSL_get_error() with the return value to find out whether an error occurred or the connection was shut down cleanly (SSL_ERROR_ZERO_RETURN).SSLv2 (deprecated) does not support a shutdown alert protocol, so it can only be detected whether the underlying connection was closed. It cannot be checked whether the closure was initiated by the peer or by something else.
- <0
- The read operation was not successful, because either an error occurred or action must be taken by the calling process. Call SSL_get_error() with the return value to find out the reason.
bio(3), ssl(3), SSL_accept(3), SSL_connect(3), SSL_CTX_new(3), SSL_CTX_set_mode(3), SSL_get_error(3), SSL_pending(3), SSL_set_connect_state(3), SSL_set_shutdown(3), SSL_shutdown(3), SSL_write(3)
| SSL_CTX_SET_READ_AHEAD(3) | OpenSSL | SSL_CTX_SET_READ_AHEAD(3) |
SSL_CTX_set_read_ahead, SSL_CTX_get_read_ahead, SSL_set_read_ahead, SSL_get_read_ahead, SSL_CTX_get_default_read_ahead - manage whether to read as many input bytes as possible SSL_CTX_set_read_ahead() and SSL_set_read_ahead() set whether we should read as many input bytes as possible (for nonblocking reads) or not. For example if x bytes are currently required by OpenSSL, but y bytes are available from the underlying BIO (where y > x), then OpenSSL will read all y bytes into its buffer (providing that the buffer is large enough) if reading ahead is on, or x bytes otherwise. Setting the parameter yes
Ssl Read: Errno -5961 (pr_connect_reset_error)
to 0 turns reading ahead is off, other values turn it on. SSL_CTX_set_default_read_ahead() is identical to SSL_CTX_set_read_ahead().SSL_CTX_get_read_ahead() and SSL_get_read_ahead() indicate whether reading ahead has been set or not. SSL_CTX_get_default_read_ahead() is identical to SSL_CTX_get_read_ahead(). Monster hunter world discord.
These functions have no impact when used with DTLS. The return values for SSL_CTX_get_read_head() andSsl_read Ssl_error_syscall
SSL_get_read_ahead() are undefined for DTLS. Setting read_ahead can impact the behaviour of the SSL_pending() function (see SSL_pending(3)).Since SSL_read() can return SSL_ERROR_WANT_READ for non-application data records, and SSL_has_pending() can't tell the difference between processed and unprocessed data, it's recommended that if read ahead is turned on that SSL_MODE_AUTO_RETRY is not turned off using SSL_CTX_clear_mode(). That will prevent getting SSL_ERROR_WANT_READ when there is still a complete record available that hasn't been processed.
Ssl_read Failed
If the application wants to continue to use the underlying transport (e.g. Hadrian's wall wiki. TCP connection) after the SSL connection is finished using SSL_shutdown() reading ahead should be turned off. Otherwise the SSL structure might read data that it shouldn't.
Ssl Read: Errno -5961
SSL_get_read_ahead() and SSL_CTX_get_read_ahead() return 0 if reading ahead is off, and non zero otherwise. ssl(7), SSL_pending(3) Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.Licensed under the OpenSSL license (the 'License'). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.
| 2021-03-25 | 1.1.1k |
