Hi All,
I am using the below code for creating an SSL connection over a non-blocking socket:
-----------------------------------------------------
ssl_error = SSL_connect(ssl_ctxt);
if (ssl_error <= 0) {
    ssl_error = SSL_get_error(ssl_ctxt, ssl_error);
    switch (ssl_error) {
    case SSL_ERROR_WANT_READ:
    case SSL_ERROR_WANT_WRITE:
        return RETRY;
    default:
        ERR_load_crypto_strings();
        printf("SSL_connect failed %s:%d",
               ERR_error_string(ERR_get_error(), NULL), ssl_error);
        ERR_free_strings();
        return FAIL;
    }
}
------------------------------------------------------------
As per the OpenSSL doc, when the above function returns RETRY, I am again polling on my 'fd' with epoll_wait() and retrying SSL_conn. Below is the pseudo code for it.
------------------------------------------
event.events = EPOLLOUT;
event.data.fd = fd;
epoll_ctl(epoll_fd, EPOLL_CTL_ADD, fd, &event);
event_count = epoll_wait(epoll_fd, events, MAX_EVENTS, 1000);
if (event_count > 0) {
    // Call SSL_connect again.
}
-----------------------------------------------
Most of the time it's working fine, but sometimes I am observing that the connection is not getting established and SSL_connect always returns SSL_ERROR_WANT_READ/SSL_ERROR_WANT_READ, which is resulting in an infinite loop.
Can you please help me if there is something wrong in my code while handling these errors? Or how can I gracefully come out of this situation and avoid the infinite loop?
Thanks in advance.
Regards,
Amit
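
A bounded retry loop for the situation described above, as an added example that is not part of the original post: it waits for EPOLLIN after a want-read and EPOLLOUT after a want-write, and gives up once a total time budget is spent. The `hs_*` names, `drive_handshake` and the two step functions are hypothetical; a real step function would wrap SSL_connect() and SSL_get_error().

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <sys/epoll.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical names. With OpenSSL, step() would call SSL_connect() and map SSL_get_error():
 * SSL_ERROR_WANT_READ -> HS_WANT_READ, SSL_ERROR_WANT_WRITE -> HS_WANT_WRITE. */
enum hs_want { HS_DONE, HS_WANT_READ, HS_WANT_WRITE, HS_FATAL };
enum hs_result { HS_OK, HS_FAILED, HS_TIMEOUT };
typedef enum hs_want (*hs_step_fn)(void *ctx);
static int64_t now_ms(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (int64_t)ts.tv_sec * 1000 + ts.tv_nsec / 1000000;
}
/* Retry step() on fd until it finishes, fails, or budget_ms has elapsed in total. */
enum hs_result drive_handshake(int fd, hs_step_fn step, void *ctx, int budget_ms) {
    struct epoll_event ev = { .data.fd = fd }, out;
    int64_t deadline = now_ms() + budget_ms;
    int ep = epoll_create1(0), op = EPOLL_CTL_ADD;
    if (ep < 0) return HS_FAILED;
    enum hs_result res = HS_FAILED;
    for (;; op = EPOLL_CTL_MOD) {          /* first pass adds fd, later passes modify it */
        enum hs_want w = step(ctx);
        if (w == HS_DONE) { res = HS_OK; break; }
        if (w == HS_FATAL) break;
        /* Wait only for the direction the TLS layer asked for. */
        ev.events = (w == HS_WANT_READ) ? EPOLLIN : EPOLLOUT;
        if (epoll_ctl(ep, op, fd, &ev) < 0) break;
        int64_t left = deadline - now_ms();
        int n = left > 0 ? epoll_wait(ep, &out, 1, (int)left) : 0;
        if (n == 0) { res = HS_TIMEOUT; break; }   /* overall deadline hit */
        if (n < 0 && errno != EINTR) break;        /* EINTR: just retry step() */
    }
    close(ep);
    return res;
}
/* Constructed stand-ins for SSL_connect(): a silent peer, and a normal handshake. */
enum hs_want stalled_step(void *ctx) { ++*(int *)ctx; return HS_WANT_READ; }
enum hs_want quick_step(void *ctx) { int *n = ctx; return (*n)++ < 2 ? HS_WANT_WRITE : HS_DONE; }
int main(void) {
    int sv[2], a = 0, b = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return 1;
    return drive_handshake(sv[0], quick_step, &a, 500) != HS_OK ||
           drive_handshake(sv[0], stalled_step, &b, 200) != HS_TIMEOUT;
}
```

With the silent peer the step function runs once and the loop then blocks in epoll_wait() until the budget expires, instead of spinning on a socket that is always writable.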