SSL_ERROR_WANT_READ but nothing to read

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 17/03/15 00:51, Narada Hess wrote:
> HI,
> 
> I have a client application using a single read-write socket in
> non-blocking mode. In C, on Linux, using openssl 1.0.1e.  After the
> connection is established and all the initial handshaking is done, the
> client issues SSL_read(), then enters a loop of:
> 
> -          Interpret results (such as break upon socket close)
> 
> -          select() on the socket
> 
> -          SSL_read() again
> 
> . . . until the expected number of bytes have been read.
> 
>  
> 
> The first SSL_read() returns SSL_ERROR_WANT_READ and loops to attempt to
> retry the operation.  But select() indicates that the socket is not
> readable, so we block forever and the server times out (the server had
> written a record which the client never reads).
> 
>  
> 
> I experimented by skipping the select() and just sleeping a little, but
> in that case, infinite retries of SSL_read() did not help.  Another
> experiment was to try writing some arbitrary data.  That _/DID/_ seem to
> help and moved the protocol forwards a bit.  But I shouldn?t have to do
> that ? we have nothing to write until we have received the full read record.
> 
>  
> 
> In case it matters, the server on the other end is an OpenDaylight
> controller.  Its logs indicate successful handshake, appropriate cipher
> suite, etc.  And my test client-server application using this logic
> works just fine.  Also, no SSL_writes() are happening during this, or
> any other operation that would change the SSL* object state, AFAIK.
> 
>  
> 
> I?ve tried Wireshark on this, but I have not been able to glean too much
> from it, as everything is encrypted and also it seems to be showing
> transport sized packets of 15xx bytes instead of application sized
> records ? could that be pointing at the problem?  I did not set the
> read_ahead option.
> 
>  
> 
> Any ideas?  I have spent hours reading the SSL documentation (such as
> SSL_get_error) and many, many posts and answers, plus several SSL
> books.  It seems that I am doing the right thing here.  So why is
> select() blocking?  There is no outstanding write operation, so
> shouldn?t a retry of SSL_read() clear any handshake/renegotiation stuff?
> 

Are you sure the record that the server wrote actually got sent across
the network?

Have you tried connecting to the server using s_client? Does that succeed?

Matt



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux