Reputation: 580
I am building a TLS client in C to connect to a secure server using TLS 1.3.
I have created a blocking (regular) TCP socket and then connected to the remote secure server. I have also created and configured an SSL context and linked the server socket to the SSL object (SSL_set_fd()). My SSL_connect() is successful and I am able to send/receive data from the remote server.
The problem I am facing is that I have an event loop where I am doing multiple SSL_write() calls and have a select() to monitor the socket for incoming data from the server. However, in every iteration of the event loop the select() returns a readable socket, and SSL_read() blocks.
Why is SSL_read() unable to read even though select() tags the socket as ready to read?
Upvotes: 2
Views: 521
Reputation: 123330
select does not reflect data availability at the TLS level. It might be that data can be read from the socket, but that this is no payload at all but instead a session ticket (new with TLS 1.3) or alert. Or it might be payload, but not a full TLS frame - in which case SSL_read cannot return any data yet. Similarly, it might be that select claims that nothing can be read but that SSL_read would actually be successful - because there are still data unread from the last TLS frame (check with SSL_pending).
Upvotes: 2
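The "not a full TLS frame" case from the answer above, as an added example (not code from the answer or from OpenSSL): the hypothetical helper scan_tls_records walks raw TCP bytes using the 5-byte TLS record header and reports how many whole records are present. select() fires as soon as a single byte arrives, while the record layer needs a complete record, and in TLS 1.3 a complete encrypted record can still carry a session ticket or alert rather than payload. The byte strings are constructed samples.

```c
#include <stddef.h>
#include <stdint.h>

#define TLS_HDR_LEN 5                        /* type(1) + legacy version(2) + length(2) */
#define TLS13_MAX_CIPHERTEXT (16384 + 256)   /* RFC 8446, section 5.2 */

/* Result of inspecting the bytes select() reported as readable. */
struct rec_scan {
    size_t complete;   /* whole records present: the record layer can process these */
    size_t leftover;   /* trailing bytes that belong to an unfinished record */
    size_t missing;    /* bytes still needed to finish that record (0 if none) */
    int    malformed;  /* 1 if a header is not a plausible TLS record header */
};

/* Hypothetical helper (an assumption of this example): walk raw TCP bytes record by record. */
struct rec_scan scan_tls_records(const uint8_t *buf, size_t n)
{
    struct rec_scan r = {0, 0, 0, 0};
    size_t off = 0;
    while (off < n) {
        size_t avail = n - off;
        if (avail < TLS_HDR_LEN) {           /* not even a full header yet */
            r.leftover = avail;
            r.missing = TLS_HDR_LEN - avail; /* lower bound: body length still unknown */
            break;
        }
        uint8_t type = buf[off];             /* 20..23 are the defined content types */
        size_t len = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        if (type < 20 || type > 23 || len > TLS13_MAX_CIPHERTEXT) { r.malformed = 1; break; }
        if (avail < TLS_HDR_LEN + len) {     /* header seen, body still in flight */
            r.leftover = avail;
            r.missing = TLS_HDR_LEN + len - avail;
            break;
        }
        r.complete++;                        /* may still be a ticket or alert, not payload */
        off += TLS_HDR_LEN + len;
    }
    return r;
}

int main(void)
{
    /* Constructed sample: one whole 4-byte record, then a record cut off after 2 of 8 body bytes. */
    const uint8_t wire[] = { 23, 3, 3, 0, 4, 0xaa, 0xbb, 0xcc, 0xdd,
                             23, 3, 3, 0, 8, 0x01, 0x02 };
    struct rec_scan r = scan_tls_records(wire, sizeof wire);
    return (r.complete == 1 && r.missing == 6) ? 0 : 1;
}
```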
Reputation: 58868
Because the socket received some bytes that were for OpenSSL, not for you. Like a renegotiation or a heartbeat.
Because you're using a blocking socket, OpenSSL knows that you don't want SSL_read to return until it receives some data for you.
If you want SSL_read to return even if it doesn't have any data for you, then make the socket non-blocking to begin with.
Upvotes: 4