
What does the read interface return?


The SSL/TLS protocol has four sub-protocols and message types:

  • Application
  • Handshake
  • Change cipher spec
  • Alerts

What does SSL_read() return (for a blocking socket) if the record received was NOT an Application message? And if it does return non-zero, how is the caller supposed to know what to do with it?

I don't see what the caller/client can do with the 3 non-Application messages; they seem more like internal state for SSL.

If it returns 0 bytes, this will be confusing for a blocking socket.

If it returns > 0 bytes, would the caller think an Application message has been received? (There is no flag returned to the caller to indicate the record type.)

I am looking at the source code but it's not clear.


Solution

  • SSL_read will only return data retrieved from application records. Any other messages received will only change the internal state of the SSL session, like proceeding with the SSL handshake (if not previously finished), saving session tickets for later use or closing the connection (on shutdown alert).

    If this internal change of the SSL session results in the session getting closed or invalid (like when getting an alert), then SSL_read will return with an error and the reason can be retrieved using SSL_get_error.