Tan -

Ah ha, they're quicker than I thought they would be. Below is the method that they're using to create threads using SSL:

First off, we are Pre-Threading (creating before used, never deleting)

// declared globally
SSL_METHOD *my_ssl_method;
SSL_CTX *my_ssl_ctx;
// end of globally declare

//in our main function
SSL_CTX_use_certificate_file(my_ssl_ctx,"our.pem",SSL_FILETYPE_PEM);
SSL_CTX_use_PrivateKey_file(my_ssl_ctx,"our.pem",SSL_FILETYPE_PEM);

for (x = 0; x < nchildren; x++)
        result = pthread_create(&thread_id, NULL, thread_proc, (void *) my_fd);

//in our thread_proc function
if((my_ssl = SSL_new(my_ssl_ctx)) == NULL) {
        cout << "SSL_new failed..." << endl;
        ERR_print_errors_fp(stderr);
}else {
        SSL_set_fd(my_ssl,client_fd);
        accepted = SSL_accept(my_ssl);
        if(accepted <= 0){
                // this is where we suspect that SSL fails
                cout << "SSL_accept failed..." << "accepted = " << accepted << endl;
                ERR_print_errors_fp(stderr);
                // this is where we encounter the error
                if (my_ssl != NULL) {
                        SSL_shutdown(my_ssl);
                        SSL_free(my_ssl);
                }
                close(client_fd);
        }else {  //creating our thread at this point

I hope this helps.

Thanks!
-dant


Tan Eng Ten wrote:
I'm no expert either, but could u show some code snippets on how u handle threads and these 2 very important structures -- SSL and SSL_CTX. I suspect that your threads might be re-initializing SSL_CTX. And when that happens under heavy load, the problem you described might occur.

dan trainor wrote:

Good Afternoon, all -

We are developing an application in-house that is using
openssl-0.9.7a-40 and openssl-devel-0.9.7a-40 under Fedora Core 3. When compiled and linked against this version, we receive the
following errors intermittently:


18750:error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or
bad record mac:s3_pkt.c:424:

I thought this was perhaps something goofy in this particular
distribution of OpenSSL, so I linked and compiled against
openssl-0.9.7.g, and when doing so, we have encountered another error:

28437:error:140B544E:SSL routines:SSL_GET_NEW_SESSION:ssl session id
callback failed:ssl_sess.c:220:

...and our app fails to run completely.  I'm a bit new to using
OpenSSL with custom applications altogether, so I'd like to get some
information from this list on the first error, "decryption failed or
bad record mac".  We'd like to use the FC3 packages of OpenSSL because
it would just make life simpler.

Our program is a multi-threaded application that relies on our .pem
key to encrypt messages via SSL when it is communicating with the
"client" program. One theory that we've put together is perhaps our
.pem is being opened twice at the same time, resulting in this error. Our application does not fail under very little load, but it seems
that the more we hammer on it with our test utilities, the more we see
this error. It does not halt the program itself, but it does destroy
the data being transmitted across the wire. This, we do not want.


We were also wondering if there was a more extensive or expressive
error listing document where we could reference this error to the
exact problem.

I'd like to apologize in advance for maybe not explaining myself in a
more understandable manner.  Like I said, this is all a bit new to me,
but I want to start doing this type of programming on the right foot,
and learning good habits, opposed to bad ones.

Thanks for your time
-dant
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
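
The two error lines quoted in the thread follow the layout written by ERR_print_errors_fp(), which the posted code calls. As an added example (not code from the thread or from the OpenSSL project), the C below splits such a line into its fields and unpacks the hex code, assuming the library/function/reason packing used by OpenSSL releases before 3.0; `struct ossl_err`, `parse_ossl_err` and `count_code` are names invented here.

```c
#include <stdio.h>
#include <string.h>

/* One line as printed by ERR_print_errors_fp():
 * id:error:HEXCODE:library:function:reason text:file:line:... */
struct ossl_err {
    unsigned long id, code;       /* id = thread/process id prefix */
    int lib, func, reason, line;  /* lib/func/reason are unpacked from code */
    char libname[32], funcname[48], text[96], file[32];
};

/* Parse one error line; returns 0 on success, -1 if it does not match. */
int parse_ossl_err(const char *s, struct ossl_err *e)
{
    /* Field widths are bounded: an over-long field makes the match fail. */
    int n = sscanf(s, "%lu:error:%lx:%31[^:\n]:%47[^:\n]:%95[^:\n]:%31[^:\n]:%d",
                   &e->id, &e->code, e->libname, e->funcname,
                   e->text, e->file, &e->line);
    if (n != 7) return -1;
    /* Pre-3.0 ERR_PACK layout: 8 bits library, 12 function, 12 reason. */
    e->lib = (int)((e->code >> 24) & 0xff);
    e->func = (int)((e->code >> 12) & 0xfff);
    e->reason = (int)(e->code & 0xfff);
    return 0;
}

/* Count lines in a captured stderr buffer that carry a given error code;
 * other output (the program's own messages) is skipped. */
int count_code(const char *log, unsigned long code)
{
    int hits = 0;
    while (*log) {
        struct ossl_err e;
        if (parse_ossl_err(log, &e) == 0 && e.code == code) hits++;
        log += strcspn(log, "\n");
        if (*log == '\n') log++;
    }
    return hits;
}

int main(void)
{
    struct ossl_err e;  /* input: the first error line quoted in the post */
    if (parse_ossl_err("18750:error:1408F455:SSL routines:SSL3_GET_RECORD:"
            "decryption failed or bad record mac:s3_pkt.c:424:", &e)) return 1;
    printf("lib=%d func=%d reason=%d (%s) at %s:%d\n",
           e.lib, e.func, e.reason, e.text, e.file, e.line);
    return 0;
}
```

Counting hits per code across a load-test run gives a number to compare between builds when chasing an intermittent failure like the one described.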

