> TCP can do half-duplex connections (read side shut down, write side
> still operating).


> OpenSSL can not do half-duplex connections.


True.

> An innocent OpenSSL API user is not told that OpenSSL can not do
> half-duplex connections and that he must not try.



Nonsense. It is impossible for him to try, so it's pointless to warn him not
to. We don't warn people not to become invisible because it's impossible for
people to become invisible. There is no function analogous to
shutdown(SHUT_RD) for SSL connections. No such function exists.

> > What do you see as the difference between OpenSSL's behavior
> > and classic TCP
> > behavior in this case?


> I hope I answered you adequately in the section above, combined with the
> supporting details in my previous emails.


You are correct that one difference between SSL connections and TCP
connections is that it is impossible to even attempt a half-duplex SSL
connection. But since you can't even try to create one since no function
exists to do it, what possible documentation would you want?

Do you want "Note: There is no function analogous to shutdown(SD_RD) for SSL
connections."

I don't see how pointing out the nonexistence is going to help anyone.
Anyone not looking for it likely doesn't care whether it exists or not.
Anyone looking for it won't find it and will quickly realize that it doesn't
exist.

DS


______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org