I wrote:

> Don't make timeouts occur. You have to wait until the handshake is done
> anyway. You should only use timeout to detect that too much total time
> has elapsed. Set the socket's timeout to the upper bound of that time limit.

Let me say that another way. Write your code so that NO timeouts occur in the course of a successful connection/request/response. Write it such that any timeout is immediately fatal to the entire connection/request/response.

You may want to use SSL_ForceHandshakeWithTimeout to control the timeout on that operation. Sadly, we goofed and didn't export that function from libSSL in NSS 3.11.3 (will be fixed in the next NSS release).

But there is another trick you can do. Replace the very first SSL_ForceHandshake with a zero-length PR_Send. This will let you set the timeout (which will be used in all subsequent SSL_ForceHandshake calls) and will initiate (but not complete) the handshake. This is what we used before SSL_ForceHandshake, and it still works. SSL_ForceHandshakeWithTimeout would be preferred over this trick, once that's available.

--
Nelson B