1 files changed, 13 insertions, 20 deletions
diff --git a/src/lib/libtls/tls_init.3 b/src/lib/libtls/tls_init.3
index 70493fae03..6389a96722 100644
--- a/src/lib/libtls/tls_init.3
+++ b/src/lib/libtls/tls_init.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tls_init.3,v 1.29 2015/09/10 11:21:08 jsing Exp $
+.\" $OpenBSD: tls_init.3,v 1.30 2015/09/10 13:23:57 jsing Exp $
 .\"
 .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
 .\"
@@ -442,32 +442,25 @@ and
 .Fn tls_close
 functions have two special return values:
 .Pp
-.Bl -tag -width "TLS_WRITE_AGAIN" -offset indent -compact
+.Bl -tag -width "TLS_WANT_POLLOUT" -offset indent -compact
-.It Dv TLS_READ_AGAIN
+.It Dv TLS_WANT_POLLIN
-A read operation is necessary to continue.
+The underlying read file descriptor needs to be readable in order to continue.
-.It Dv TLS_WRITE_AGAIN
+.It Dv TLS_WANT_POLLOUT
-A write operation is necessary to continue.
+The underlying write file descriptor needs to be writeable in order to continue.
 .El
 .Pp
-There are underlying TLS engine read or write operations which may
+In the case of blocking file descriptors, the same function call should be
-not correspond with the name of the function called.
+repeated immediately.
-For example, it is possible to receive a
+In the case of non-blocking file descriptors, the same function call should be
-.Dv TLS_READ_AGAIN
+repeated when the required condition has been met.
-even when calling
-.Fn tls_write .
-.Pp
-While there are cases where these functions will return one or the
-other or both, the best practice is to always check for both.
-In all cases the same function call should be repeated.
 .Sh EXAMPLES
-Example showing how to handle partial TLS writes.
+Example showing how to handle TLS writes.
 .Bd -literal -offset indent
 \&...
 while (len > 0) {
        ret = tls_write(ctx, buf, len, &num_written);
+        if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) {
-        if (ret == TLS_READ_AGAIN || ret == TLS_WRITE_AGAIN) {
+                /* Retry - use select to wait for non-blocking. */
-                /* retry.  May use select to wait for nonblocking */
        } else if (ret < 0) {
                return -1;
        } else {

diff --git a/src/lib/libtls/tls_init.3 b/src/lib/libtls/tls_init.3 index 70493fae03..6389a96722 100644 --- a/src/lib/libtls/tls_init.3 +++ b/src/lib/libtls/tls_init.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: tls_init.3,v 1.29 2015/09/10 11:21:08 jsing Exp $	1	.\" $OpenBSD: tls_init.3,v 1.30 2015/09/10 13:23:57 jsing Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>	3	.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
4	.\"	4	.\"
@@ -442,32 +442,25 @@ and
442	.Fn tls_close	442	.Fn tls_close
443	functions have two special return values:	443	functions have two special return values:
444	.Pp	444	.Pp
445	.Bl -tag -width "TLS_WRITE_AGAIN" -offset indent -compact	445	.Bl -tag -width "TLS_WANT_POLLOUT" -offset indent -compact
446	.It Dv TLS_READ_AGAIN	446	.It Dv TLS_WANT_POLLIN
447	A read operation is necessary to continue.	447	The underlying read file descriptor needs to be readable in order to continue.
448	.It Dv TLS_WRITE_AGAIN	448	.It Dv TLS_WANT_POLLOUT
449	A write operation is necessary to continue.	449	The underlying write file descriptor needs to be writeable in order to continue.
450	.El	450	.El
451	.Pp	451	.Pp
452	There are underlying TLS engine read or write operations which may	452	In the case of blocking file descriptors, the same function call should be
453	not correspond with the name of the function called.	453	repeated immediately.
454	For example, it is possible to receive a	454	In the case of non-blocking file descriptors, the same function call should be
455	.Dv TLS_READ_AGAIN	455	repeated when the required condition has been met.
456	even when calling
457	.Fn tls_write .
458	.Pp
459	While there are cases where these functions will return one or the
460	other or both, the best practice is to always check for both.
461	In all cases the same function call should be repeated.
462	.Sh EXAMPLES	456	.Sh EXAMPLES
463	Example showing how to handle partial TLS writes.	457	Example showing how to handle TLS writes.
464	.Bd -literal -offset indent	458	.Bd -literal -offset indent
465	\&...	459	\&...
466	while (len > 0) {	460	while (len > 0) {
467	ret = tls_write(ctx, buf, len, &num_written);	461	ret = tls_write(ctx, buf, len, &num_written);
468		462	if (ret == TLS_WANT_POLLIN \|\| ret == TLS_WANT_POLLOUT) {
469	if (ret == TLS_READ_AGAIN \|\| ret == TLS_WRITE_AGAIN) {	463	/* Retry - use select to wait for non-blocking. */
470	/* retry. May use select to wait for nonblocking */
471	} else if (ret < 0) {	464	} else if (ret < 0) {
472	return -1;	465	return -1;
473	} else {	466	} else {