[gnutls-dev] SSL_connect and non-blocking i/o

Jefferson Ogata Jefferson.Ogata at noaa.gov
Thu Jul 13 02:53:00 CEST 2006

In libextra/gnutls_openssl.c, we have:

SSL_connect (SSL * ssl)
  err = gnutls_handshake (ssl->gnutls_state);

Meanwhile, the gnutls_handshake() docs indicate that gnutls_handshake()
should be called repeatedly until err == 0 or gnutls_error_is_fatal(err)
is true.

So I'm debugging an application that uses the gnutls/OpenSSL
compatibility and is using a non-blocking socket for the underlying
transport; it returns from SSL_connect() without completing a handshake.
I tweak gnutls libextra/gnutls_openssl.c as follows and that fixes my

-    err = gnutls_handshake(ssl->gnutls_state);
+    do
+    {
+       err = gnutls_handshake(ssl->gnutls_state);
+    } while (err < 0 && !gnutls_error_is_fatal (err));

I can't be the only person who has run into this, can I?

Jefferson Ogata <Jefferson.Ogata at noaa.gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt at noaa.gov>
"Never try to retrieve anything from a bear."--National Park Service

More information about the Gnutls-devel mailing list