Comments on SSL_peek deficiencies

ssl/s2_lib.c

@@ -260,6 +260,9 @@ SSL_CIPHER *ssl2_get_cipher(unsigned int u)
 
 int ssl2_pending(SSL *s)
 	{
+	/* Unlike ssl2_pending, this one probably works (if read-ahead
+	 * is disabled), but it should be examined
+	 * XXX */
 	return(s->s2->ract_data_length);
 	}
 

ssl/s3_lib.c

@@ -638,10 +638,10 @@ SSL_CIPHER *ssl3_get_cipher(unsigned int u)
 		return(NULL);
 	}
 
-/* The problem is that it may not be the correct record type */
 int ssl3_pending(SSL *s)
 	{
-	return(s->s3->rrec.length);
+	/* The problem is that it may not be the correct record type */
+	return(s->s3->rrec.length); /* FIXME */
 	}
 
 int ssl3_new(SSL *s)

ssl/ssl_lib.c

@@ -576,6 +576,13 @@ int SSL_get_read_ahead(SSL *s)
 
 int SSL_pending(SSL *s)
 	{
+	/* SSL_pending cannot work properly if read-ahead is enabled
+	 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
+	 * and it is impossible to fix since SSL_pending cannot report
+	 * errors that may be observed while scanning the new data.
+	 * (Note that SSL_pending() is often used as a boolean value,
+	 * so we'd better not return -1.)
+	 */
 	return(s->method->ssl_pending(s));
 	}