On OpenSSL/Android, only schedule transport socket reads when the transport socket buffer is empty.

net/socket/ssl_client_socket_openssl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // OpenSSL binding for SSLClientSocket. The class layout and general principle
 // of operation is derived from SSLClientSocketNSS.
 
 #include "net/socket/ssl_client_socket_openssl.h"
 
 #include <openssl/ssl.h>
@@ skipping 1026 matching lines @@
     DCHECK_GE(send_buffer_->BytesRemaining(), 0);
     if (send_buffer_->BytesRemaining() <= 0)
       send_buffer_ = NULL;
   }
 }
 
 int SSLClientSocketOpenSSL::BufferRecv(void) {
   if (transport_recv_busy_)
     return ERR_IO_PENDING;
 
+  // Determine how much was requested from |transport_bio_| that was not
+  // actually available.
+  size_t requested = BIO_ctrl_get_read_request(transport_bio_);
+  if (requested == 0) {
+    // This is not a perfect match of error codes, as no operation is
+    // actually pending. However, returning 0 would be interpreted as
+    // a possible sign of EOF, which is also an inappropriate match.
+    return ERR_IO_PENDING;
+  }

[Ryan Sleevi, 2012/12/19 00:23:46]

Note that the only time this is called is line 985 (in DoTransportIO). I could
move this check into there, if you think it will be clearer, but I put it here
so that it can be constrasted with the description on line 1057

+
+  // Known Issue: While only reading |requested| data is the more correct
+  // implementation, it has the downside of resulting in frequent reads:

[wtc, 2012/12/19 00:51:21]

As long as the extra received data is not discarded, this
implementation is also correct and has better performance.
I would definitely do this to minimize the number of system
calls. So doing it this way isn't an issue.

+  // One read for the SSL record header (~5 bytes) and one read for the SSL
+  // record body. Rather than issuing these reads to the underlying socket
+  // (and constantly allocating new IOBuffers), a single Read() request to
+  // fill |transport_bio_| is issued. As long as an SSL client socket cannot
+  // be gracefully shutdown (via SSL close alerts) and re-used for non-SSL
+  // traffic, this over-subscribed Read()ing will not cause issues.

[wtc, 2012/12/19 00:51:21]

SSLClientSocket does not support this usage. The Disconnect
method calls the Disconnect method of the transport socket.

[Ryan Sleevi, 2012/12/19 00:53:39]

Correct. That's why I went this route, but added it as a "Known Issue" in the
event our socket implementation ever needed to change.

   size_t max_write = BIO_ctrl_get_write_guarantee(transport_bio_);
   if (max_write > kMaxRecvBufferSize)
     max_write = kMaxRecvBufferSize;
 
   if (!max_write)
     return ERR_IO_PENDING;
 
   recv_buffer_ = new IOBuffer(max_write);
   int rv = transport_->socket()->Read(
       recv_buffer_, max_write,
@@ skipping 265 matching lines @@
     net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv,
                                   user_write_buf_->data());
     return rv;
   }
 
   int err = SSL_get_error(ssl_, rv);
   return MapOpenSSLError(err, err_tracer);
 }
 
 }  // namespace net