One of the trickiest parts of using the Secure Transport API is the I/O functions. I posted about this on the old DevForums but I figured I should bring that content into the new world. So, here we go…
The correct way of implementing a Secure Transport read I/O function (
SSLReadFuncIf there’s an error, return that error as the function result.
is fine here because, internally, Secure Transport translates any error toerrSSLInternal
.errSSLClosedAbortIn this case the value stored in
is ignored.*data_lengthIf there’s no error, the function must block waiting for
bytes. Once it’s read that many bytes, it should return*data_length
.errSecSuccess
Note It’s obvious that, in the no error case, you don’t need to set an output value in
*data_lengthIn non-blocking mode the behaviour is somewhat different:
In the error case, behave the same as you did in blocking mode.
In the no error case, return as much data as is available up to the
limit. Set*data_length
to the number of bytes read. If that’s all of the requested bytes, return*data_length
, otherwise returnerrSecSuccess
.errSSLWouldBlock
You implement the write function (
SSLWriteFuncIMPORTANT If you implement non-blocking mode in your I/O functions, you must be prepared for
errSSLWouldBlockSSLHandshakeSSLReadSSLWriteI’ve filed a bug (r. 31371376) to add this information to the standard documentation.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"