We are using openssl for client-side HTTP connections. Sometimes they randomly hang during the SSL handshake. It looks like there are some network or server-side problems; earlier the same server was responding with an error like:

    SSL_write() failed with error code: SSL_ERROR_SYSCALL

According to Google this means: The SSL_ERROR_SYSCALL with errno value of 0 indicates unexpected EOF from the peer.

Later another request is made to the same server, which hangs indefinitely. Stack backtrace in gdb:

    #0  0x00007ff999c54ab4 in read ()
    #1  0x00007ff97c9f91b6 in sock_read ()
    #2  0x00007ff97c9f7b70 in bread_conv ()
    #3  0x00007ff97c9f67d1 in bio_read_intern ()
    #4  0x00007ff97c9f68be in BIO_read ()
    #5  0x00007ff97c983ff9 in ssl3_read_n ()
    #6  0x00007ff97c9887fb in ssl3_get_record ()
    #7  0x00007ff97c986aa1 in ssl3_read_bytes ()
    #8  0x00007ff97c9c62c6 in tls_get_message_header ()
    #9  0x00007ff97c9b7135 in read_state_machine ()
    #10 0x00007ff97c9b6dec in state_machine ()
    #11 0x00007ff97c9b68f2 in ossl_statem_connect ()
    #12 0x00007ff97c9a14eb in SSL_do_handshake ()
    #13 0x00007ff97c99d54c in SSL_connect ()

My question is, what can I do on the client side to debug the problem, or at least to avoid such hanging? I guess I can set a socket read timeout beforehand, and reset it after the handshake, or is there a better way?

This is openssl 1.1, would it make sense to switch over to openssl 3.0? Or maybe I have missed some client-side configuration? Currently I'm using just these calls to add SSL capability to an open TCP socket (error handling left out from here for brevity):

    SSL_library_init();
    OpenSSL_add_all_algorithms();
    SSL_load_error_strings();
    const SSL_METHOD *method = TLS_client_method();
    auto context_ = SSL_CTX_new(method);
    SSL_CTX_set_default_verify_paths(context_);
    SSL_set_tlsext_host_name(ssl_, host.c_str());

Any advice?

TIA
Paavo
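The approach raised in the post (set a socket timeout before the handshake, reset it afterwards), sketched as an added example that is not part of the original message. The names `run_with_io_timeout`, `blocking_step`, `read_one_record` and `demo_silent_peer_times_out` are hypothetical, and a plain `read()` on a constructed socketpair stands in for `SSL_connect()` so the block runs without OpenSSL.

```c
#include <errno.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Blocking step to guard; in the post's client it would call SSL_connect(). */
typedef int (*blocking_step)(int fd, void *arg);

/* Run step() with send/receive timeouts of `ms` milliseconds on fd, then put the
 * previous timeouts back. Returns step()'s result, or -1 on setsockopt failure. */
int run_with_io_timeout(int fd, long ms, blocking_step step, void *arg)
{
    struct timeval old_rcv, old_snd;
    struct timeval tv = { .tv_sec = ms / 1000, .tv_usec = (ms % 1000) * 1000 };
    socklen_t rlen = sizeof(old_rcv), slen = sizeof(old_snd);
    int rc = -1;

    if (getsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &old_rcv, &rlen) != 0 ||
        getsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &old_snd, &slen) != 0)
        return -1;
    if (setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) == 0 &&
        setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv)) == 0)
        rc = step(fd, arg);
    int saved_errno = errno;

    /* Restore the caller's settings for normal traffic after the handshake. */
    setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &old_rcv, sizeof(old_rcv));
    setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &old_snd, sizeof(old_snd));
    errno = saved_errno;
    return rc;
}

/* Constructed stand-in for the handshake: one blocking read(), as in frame #0. */
int read_one_record(int fd, void *arg)
{
    char buf[5];
    (void)arg;
    return (int)read(fd, buf, sizeof(buf));
}

/* Constructed demo: the peer never sends; returns 1 if read() timed out. */
int demo_silent_peer_times_out(long ms)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return 0;
    int rc = run_with_io_timeout(sv[0], ms, read_one_record, NULL);
    int timed_out = rc == -1 && (errno == EAGAIN || errno == EWOULDBLOCK);
    close(sv[0]);
    close(sv[1]);
    return timed_out;
}
```

The timeouts bound each individual `read()` or `write()` on the socket, not the handshake as a whole.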