On OpenSSL/Android, only schedule transport socket reads when the transport socket buffer is empty.

net/socket/ssl_client_socket_openssl.cc

Index: net/socket/ssl_client_socket_openssl.cc
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index 37b494a7a825bc6462c444314f38303aecda11ce..158d88f8324b3ed363eb25ff11c8a537818d46fc 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -1044,6 +1044,24 @@ int SSLClientSocketOpenSSL::BufferRecv(void) {
   if (transport_recv_busy_)
     return ERR_IO_PENDING;
 
+  // Determine how much was requested from |transport_bio_| that was not
+  // actually available.
+  size_t requested = BIO_ctrl_get_read_request(transport_bio_);
+  if (requested == 0) {
+    // This is not a perfect match of error codes, as no operation is
+    // actually pending. However, returning 0 would be interpreted as
+    // a possible sign of EOF, which is also an inappropriate match.
+    return ERR_IO_PENDING;
+  }

[Ryan Sleevi, 2012/12/19 00:23:46]

Note that the only time this is called is line 985 (in DoTransportIO). I could
move this check into there, if you think it will be clearer, but I put it here
so that it can be constrasted with the description on line 1057

+
+  // Known Issue: While only reading |requested| data is the more correct
+  // implementation, it has the downside of resulting in frequent reads:

[wtc, 2012/12/19 00:51:21]

As long as the extra received data is not discarded, this
implementation is also correct and has better performance.
I would definitely do this to minimize the number of system
calls. So doing it this way isn't an issue.

+  // One read for the SSL record header (~5 bytes) and one read for the SSL
+  // record body. Rather than issuing these reads to the underlying socket
+  // (and constantly allocating new IOBuffers), a single Read() request to
+  // fill |transport_bio_| is issued. As long as an SSL client socket cannot
+  // be gracefully shutdown (via SSL close alerts) and re-used for non-SSL
+  // traffic, this over-subscribed Read()ing will not cause issues.

[wtc, 2012/12/19 00:51:21]

SSLClientSocket does not support this usage. The Disconnect
method calls the Disconnect method of the transport socket.

[Ryan Sleevi, 2012/12/19 00:53:39]

Correct. That's why I went this route, but added it as a "Known Issue" in the
event our socket implementation ever needed to change.

   size_t max_write = BIO_ctrl_get_write_guarantee(transport_bio_);
   if (max_write > kMaxRecvBufferSize)
     max_write = kMaxRecvBufferSize;