
If I want to call SSL_shutdown() with non-blocking sockets, do I need to keep calling SSL_read() first until it yields SSL_ERROR_WANT_READ?

Given a scenario where:

  • multiple SSL/TLS records have arrived on a single socket
  • those records are parsed one at a time with SSL_read() (and a large enough buffer to hold them).
  • prior to parsing the final record buffered at the SSL layer, I detect invalid application data and want to close the connection without parsing the remaining incoming data

Will SSL_shutdown() discard any remaining SSL read data on the socket for which I haven't called SSL_read() yet, or do I always need to just keep on calling SSL_read() first until it yields SSL_ERROR_WANT_READ (which would waste CPU cycles extracting data I don't even care about anymore) and then call SSL_shutdown()?

What concerns me is that SSL_shutdown() too can yield SSL_ERROR_WANT_READ (according to the man page at least), but if for whatever reason there is still unread data on the socket, I won't necessarily be notified of new incoming packets because of how I use epoll_wait().

Checked the ssl_shutdown code of OpenSSL as well as the documentation. There is no mention of the cleanup done as part of the shutdown. It appears to send just the close notification to the peer and set the state to the appropriate state.

I feel the cleanup you are looking for will be done when SSL_free(ssl) is called (just my thought, as I haven't checked the free code deeply).
