Comments (4)
PR #134 should solve this
from ocaml-ssl.
I don't know if we need to solve this at all. Here's what the documentation says:
SSL_MODE_AUTO_RETRY
Never bother the application with retries if the transport is blocking. If a renegotiation take place during normal operation, a SSL_read(3) or SSL_write(3) would return with -1 and indicate the need to retry with SSL_ERROR_WANT_READ. In a non-blocking environment applications must be prepared to handle incomplete read/write operations. In a blocking environment, applications are not always prepared to deal with read/write operations returning without success report. The flag SSL_MODE_AUTO_RETRY will cause read/write operations to only return after the handshake and successful completion.
My reading is that this flag only has effect on blocking sockets. So your non-blocking use case shouldn't be impacted. And I've definitely verified myself in eio-ssl that non-blocking sockets get retry exceptions.
from ocaml-ssl.
Yes, I saw that also. But I think with non blocking we want allow_partial_write in most application ?
and we probably want async (but the documentation is really very short for this).
So in the PR #134, I put as default
- auto_retry in the general case
and - async + allow_partial_write
in Runtime_lock
I want to find more information on async ...
For auto_retry in non blocking setting, the documentation states clearly that we must be prepared to retry anyway, but I don't known for sure if the number of retries is affected by this option. There could be other reason for retry than renegociation ? We could try and count the retry on an example with and without the option. Now that the PR contains an example.
Anyway the PR give the oportunuty to set all mode (except "accept moving buffer", which is mandatory in OCaml if we allocate the buffer in the heap)
from ocaml-ssl.
I forgot to say: I think we want the mode with as much as possible retry to switch context as much as possible.
from ocaml-ssl.
Related Issues (20)
- flush with non blocking socket must raise an exception HOT 2
- output_string should be a loop HOT 2
- TLSv1, TLSv1_1 and TLSv1_2 are deprecated HOT 6
- Bindings for more ERR_* functions HOT 2
- simplify/optimize c interface HOT 5
- dune runtest gives an error in ssl_error test HOT 14
- Naked pointer - ocaml_ssl_get_current_cipher
- With non blocking socket some functions are a bit useless as it is.
- GC-linked segfault using `ocaml-ssl`
- Ssl.input_string fails with Ssl.Read_error exception
- Add support for [email protected] on macOS HOT 17
- Downstream build broken after openssl 3.3.1 upgrade HOT 6
- TLS1_3_VERSION needs to be ifdef'ed HOT 3
- weird certificate issue on libera.chat HOT 2
- `<openssl/ssl.h>` No such file or directory on 4.12+options opam switch with `ocaml-option-static` HOT 1
- Linking with Ssl causes segfault on multicore OCaml HOT 2
- Build fail when installing with opam HOT 7
- New release? (0.5.11) HOT 2
- Wrong clause number in LGPL special exception HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ocaml-ssl.