Yay for EINTR, but you're still handling EAGAIN; it's just called TLS_POLLIN/TLS_POLLOUT now. (Not that this is a bad thing: this is exactly what I'd expect from such an API, as it needs to integrate with the local event loop.)
The "What's wrong with the OpenSSL API" is excellent: a coworker ran into this just recently. A client was failing to connect, and had SSL23_XXX in the stack trace, and he wondered why it was using an outdated version of SSL; since we've long since disabled support for SSLv3 server-side, he figured — reasonably — that the client was failing to connect for that reason.
For those wondering, from the Python docs, which have the best explanation I know of:
> ssl.PROTOCOL_SSLv23
> Selects the highest protocol version that both the client and server support. Despite the name, this option can select “TLS” protocols as well as “SSL”.
Yay for EINTR, but you're still handling EAGAIN; it's just called TLS_POLLIN/TLS_POLLOUT now. (Not that this is a bad thing: this is exactly what I'd expect from such an API, as it needs to integrate with the local event loop.)
The "What's wrong with the OpenSSL API" is excellent: a coworker ran into this just recently. A client was failing to connect, and had SSL23_XXX in the stack trace, and he wondered why it was using an outdated version of SSL; since we've long since disabled support for SSLv3 server-side, he figured — reasonably — that the client was failing to connect for that reason.
For those wondering, from the Python docs, which have the best explanation I know of:
> ssl.PROTOCOL_SSLv23
> Selects the highest protocol version that both the client and server support. Despite the name, this option can select “TLS” protocols as well as “SSL”.