I've spend a lot of time to figure this out, please update pyopenssl
PyOpenSSL doc says:
"pending() Retrieve the number of bytes that can be safely read
from the SSL buffer."
In SSL docs stay:
"SSL_pending() returns the number of bytes in the SSL buffer
that have been decrypted but not requested by SSL_read(). This
will occur when there is a mismatch between the number of bytes
requested by SSL_read() and the block size used to
encrypt/decrypt the data."
This means pending must call after socket.recv() to see how
many bytes left in SSL buffer. If you call pending before recv, it