diff options
author | Matt Caswell <matt@openssl.org> | 2016-05-03 17:55:00 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-05-05 19:39:14 +0100 |
commit | fc7f190c732729c1d0eb9dcdb7ff05ed6b06056f (patch) | |
tree | b4b70753df865b62635b71b1ad177a1b0582a6d0 /doc/ssl | |
parent | 0eadff033fea00f1b9abe0a83bf0d6637690f085 (diff) |
Handle no async jobs in libssl
If the application has limited the size of the async pool using
ASYNC_init_thread() then we could run out of jobs while trying to start a
libssl io operation. However libssl was failing to handle this and treating
it like a fatal error. It should not be fatal...we just need to retry when
there are jobs available again.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'doc/ssl')
-rw-r--r-- | doc/ssl/SSL_get_error.pod | 10 | ||||
-rw-r--r-- | doc/ssl/SSL_want.pod | 23 |
2 files changed, 30 insertions, 3 deletions
diff --git a/doc/ssl/SSL_get_error.pod b/doc/ssl/SSL_get_error.pod index 271f849666..dd7ac3c690 100644 --- a/doc/ssl/SSL_get_error.pod +++ b/doc/ssl/SSL_get_error.pod @@ -99,6 +99,16 @@ L<SSL_get_async_wait_fd(3)>. The TLS/SSL I/O function should be called again later. The function B<must> be called from the same thread that the original call was made from. +=item SSL_ERROR_WANT_ASYNC_JOB + +The asynchronous job could not be started because there were no async jobs +available in the pool (see ASYNC_init_thread(3)). This will only occur if the +mode has been set to SSL_MODE_ASYNC using L<SSL_CTX_set_mode(3)> or +L<SSL_set_mode(3)> and a maximum limit has been set on the async job pool +through a call to L<ASYNC_init_thread(3)>. The application should retry the +operation after a currently executing asynchronous operation for the current +thread has completed. + =item SSL_ERROR_SYSCALL Some I/O error occurred. The OpenSSL error queue may contain more diff --git a/doc/ssl/SSL_want.pod b/doc/ssl/SSL_want.pod index e8b426c7b5..d1c0fe0d5b 100644 --- a/doc/ssl/SSL_want.pod +++ b/doc/ssl/SSL_want.pod @@ -2,7 +2,9 @@ =head1 NAME -SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup - obtain state information TLS/SSL I/O operation +SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup, +SSL_want_async, SSL_want_async_job - obtain state information TLS/SSL I/O +operation =head1 SYNOPSIS @@ -13,6 +15,8 @@ SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup int SSL_want_read(const SSL *ssl); int SSL_want_write(const SSL *ssl); int SSL_want_x509_lookup(const SSL *ssl); + int SSL_want_async(const SSL *ssl); + int SSL_want_async_job(const SSL *ssl); =head1 DESCRIPTION @@ -65,10 +69,23 @@ SSL_CTX_set_client_cert_cb() has asked to be called again. A call to L<SSL_get_error(3)> should return SSL_ERROR_WANT_X509_LOOKUP. +=item SSL_ASYNC_PAUSED + +An asynchronous operation partially completed and was then paused. See +L<SSL_get_all_async_fds(3)>. A call to L<SSL_get_error(3)> should return +SSL_ERROR_WANT_ASYNC. + +=item SSL_ASYNC_NO_JOBS + +The asynchronous job could not be started because there were no async jobs +available in the pool (see ASYNC_init_thread(3)). A call to L<SSL_get_error(3)> +should return SSL_ERROR_WANT_ASYNC_JOB. + =back -SSL_want_nothing(), SSL_want_read(), SSL_want_write(), SSL_want_x509_lookup() -return 1, when the corresponding condition is true or 0 otherwise. +SSL_want_nothing(), SSL_want_read(), SSL_want_write(), SSL_want_x509_lookup(), +SSL_want_async() and SSL_want_async_job() return 1, when the corresponding +condition is true or 0 otherwise. =head1 SEE ALSO |