Comments on SSL_peek deficiencies

diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c
index 129ed89d970448a84cefd0b3fcff9423f0186917..a6f4db36c00b2a9905212f3fcd680ae353711e48 100644 (file)
--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@@ -260,6 +260,9 @@ SSL_CIPHER *ssl2_get_cipher(unsigned int u)
 
 int ssl2_pending(SSL *s)
        {
+       /* Unlike ssl2_pending, this one probably works (if read-ahead
+        * is disabled), but it should be examined
+        * XXX */
        return(s->s2->ract_data_length);
        }
 

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 184d4f47ff3eb0c36a5184d12786963a31b97fd1..b8ffbed64685a73a48e5fe06e75722a35b378775 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -638,10 +638,10 @@ SSL_CIPHER *ssl3_get_cipher(unsigned int u)
                return(NULL);
        }
 
-/* The problem is that it may not be the correct record type */
 int ssl3_pending(SSL *s)
        {
-       return(s->s3->rrec.length);
+       /* The problem is that it may not be the correct record type */
+       return(s->s3->rrec.length); /* FIXME */
        }
 
 int ssl3_new(SSL *s)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index ed2b820984e44ca55049628bb3d5817f5271170e..105bcb2fca8abc8e425230d65d3c2ee37b28e14b 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -576,6 +576,13 @@ int SSL_get_read_ahead(SSL *s)
 
 int SSL_pending(SSL *s)
        {
+       /* SSL_pending cannot work properly if read-ahead is enabled
+        * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
+        * and it is impossible to fix since SSL_pending cannot report
+        * errors that may be observed while scanning the new data.
+        * (Note that SSL_pending() is often used as a boolean value,
+        * so we'd better not return -1.)
+        */
        return(s->method->ssl_pending(s));
        }