In case anyone is following this thread, Matt's suggestion led to the solution. It turns out we weren't getting a packet from the remote end and all my angst was for naught. Thanks, Matt, for your help. N -----Original Message----- From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Matt Caswell Sent: Tuesday, March 17, 2015 4:03 AM To: openssl-users at openssl.org Subject: Re: SSL_ERROR_WANT_READ but nothing to read On 17/03/15 00:51, Narada Hess wrote: > HI, > > I have a client application using a single read-write socket in > non-blocking mode. In C, on Linux, using openssl 1.0.1e. After the > connection is established and all the initial handshaking is done, the > client issues SSL_read(), then enters a loop of: > > - Interpret results (such as break upon socket close) > > - select() on the socket > > - SSL_read() again > > . . . until the expected number of bytes have been read. > > > > The first SSL_read() returns SSL_ERROR_WANT_READ and loops to attempt > to retry the operation. But select() indicates that the socket is not > readable, so we block forever and the server times out (the server had > written a record which the client never reads). > > > > I experimented by skipping the select() and just sleeping a little, > but in that case, infinite retries of SSL_read() did not help. > Another experiment was to try writing some arbitrary data. That > _/DID/_ seem to help and moved the protocol forwards a bit. But I > shouldn't have to do that - we have nothing to write until we have received the full read record. > > > > In case it matters, the server on the other end is an OpenDaylight > controller. Its logs indicate successful handshake, appropriate > cipher suite, etc. And my test client-server application using this > logic works just fine. Also, no SSL_writes() are happening during > this, or any other operation that would change the SSL* object state, AFAIK. > > > > I've tried Wireshark on this, but I have not been able to glean too > much from it, as everything is encrypted and also it seems to be > showing transport sized packets of 15xx bytes instead of application > sized records - could that be pointing at the problem? I did not set > the read_ahead option. > > > > Any ideas? I have spent hours reading the SSL documentation (such as > SSL_get_error) and many, many posts and answers, plus several SSL > books. It seems that I am doing the right thing here. So why is > select() blocking? There is no outstanding write operation, so > shouldn't a retry of SSL_read() clear any handshake/renegotiation stuff? > Are you sure the record that the server wrote actually got sent across the network? Have you tried connecting to the server using s_client? Does that succeed? Matt _______________________________________________ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
