>> Those code fragment judges the return value from
>> SSL_read(). secure_read() does retrying when SSL_ERROR_WANT_READ *and*
>> SSL_ERROR_WANT_WRITE returned. However, pqsecure_read() does not retry
>> when SSL_ERROR_WANT_READ. It seems they are not consistent. Comments?
>
> There's no particular reason why they should be consistent, I think.
> The assumptions for nonblocking operation are different.
Ok. Thanks.
BTW, usage of SSL_CTX_new() is different among frontend and backend as
well.
fe-secure.c: SSL_context = SSL_CTX_new(TLSv1_method());
be-secure.c: SSL_context = SSL_CTX_new(SSLv23_method());
In my understanding by using SSLV23_method, it is compatible with
SSLv2, SSLv3, and TLSv1 protocol. So it seems there's no particular
reason to use TLSv1_method(). Am I missing something?
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp