2008/12/29 Rob Shearman robertshearman@gmail.com:
Is it really expected for gnutls_record_recv to return GNUTLS_E_AGAIN on the first call and for the code to have to return that to the caller? That is what the code as it is at the moment does. It seems to me as though you should return SEC_E_INCOMPLETE_MESSAGE if you decrypted all of the data in the supplied buffer, but gnutls still returns GNUTLS_E_AGAIN. That then signals to the app to download more data and call DecryptMessage() again with the new data.
No, gnutls_record_recv() is only supposed to return GNUTLS_E_AGAIN when schan_pull() can't find any more data to read (i.e., once we've read data from all the relevant buffers in the buffer desc) and the record it's decrypting is still incomplete.
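The behaviour described in the reply above, as a self-contained simulation added here (not code from Wine's schannel or from GnuTLS): a pull callback drains the supplied buffers in order, and the record reader reports "again" only when the buffers run dry before the record is complete. All `demo_*` names, the `DEMO_E_*` values and the sample record are assumptions made for this example, and no decryption is performed.

```c
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#define DEMO_E_AGAIN (-1000) /* stand-in for GNUTLS_E_AGAIN; arbitrary demo value */
#define DEMO_E_FATAL (-1001) /* any other failure in this demo */

/* Hypothetical transport state: the input buffers the caller supplied. */
struct demo_transport {
    const unsigned char *buf[2]; size_t len[2];
    size_t idx, off; /* current buffer and read offset within it */
};
struct demo_record { unsigned char data[5 + 64]; size_t have; };

/* Pull callback: serve bytes from the buffers in order; fail with EAGAIN once all are consumed. */
static ssize_t demo_pull(struct demo_transport *t, void *out, size_t want)
{
    while (t->idx < 2 && t->off == t->len[t->idx]) { t->idx++; t->off = 0; }
    if (t->idx == 2) { errno = EAGAIN; return -1; }
    size_t n = t->len[t->idx] - t->off;
    if (n > want) n = want;
    memcpy(out, t->buf[t->idx] + t->off, n);
    t->off += n;
    return (ssize_t)n;
}

/* Payload length once header (5 bytes) + payload are buffered, else DEMO_E_AGAIN. */
static int demo_record_recv(struct demo_transport *t, struct demo_record *r)
{
    for (;;) {
        size_t need = 5;
        if (r->have >= 5) {
            need = 5 + (((size_t)r->data[3] << 8) | r->data[4]);
            if (need > sizeof r->data) return DEMO_E_FATAL;
            if (r->have == need) return (int)(need - 5);
        }
        ssize_t n = demo_pull(t, r->data + r->have, need - r->have);
        if (n < 0) return errno == EAGAIN ? DEMO_E_AGAIN : DEMO_E_FATAL;
        r->have += (size_t)n;
    }
}
/* Constructed sample: one record with a 4-byte payload split over two buffers. */
static const unsigned char PART1[] = {0x17, 0x03, 0x03, 0x00, 0x04, 'a', 'b'};
static const unsigned char PART2[] = {'c', 'd'};
int demo_recv_with(size_t extra) /* PART1 plus the first `extra` bytes of PART2 */
{
    struct demo_transport t = { {PART1, PART2}, {sizeof PART1, extra}, 0, 0 };
    struct demo_record r = { {0}, 0 };
    return demo_record_recv(&t, &r);
}
int main(void) { return demo_recv_with(2) == 4 && demo_recv_with(0) == DEMO_E_AGAIN ? 0 : 1; }
```

With both buffers present the first call already returns the payload length; the "again" result appears only when the data ends mid-record, which is the case a caller would translate into a request for more input.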