SSL_pending() returns the number of bytes which are available inside ssl for immediate read.
Data are received in blocks from the peer. Therefore data can be buffered inside ssl and are ready for immediate retrieval with SSL_read(3).
SSL_pending() takes into account only bytes from the TLS/SSL record that is currently being processed (if any). If the SSL object's read_ahead flag is set (see SSL_CTX_set_read_ahead(3)), additional protocol bytes may have been read containing more TLS/SSL records; these are ignored by SSL_pending().
Up to OpenSSL 0.9.6, SSL_pending() does not check if the record type of pending data is application data.