Re: [openssl.org #514] Bug in OpenSSL????

Fri, 21 Feb 2003 12:17:52 -0800 


Bodo Moeller via RT wrote:

>On Wed, Feb 19, 2003 at 06:10:13PM +0100, Ralph via RT wrote:
>
>  
>
>>on AIX (64bit) I noticed a major problem with non-blocking sockets. 
>>Methods SSL_connect(), SSL_read() and SSL_write() should return 
>>SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE if they need to complete 
>>their tasks but the socket couldn't handle all the work.
>>
>>But instead, the methods return SSL_ERROR_SYSCALL when the underlying 
>>socket gave errno=EWOULDBLOCK or errno=EAGAIN (means: the application 
>>should retry with these functions if it has not been completed, yet) 
>>from their respective functions (read() and write()).
>>
>>For these specific system error numbers, the SSL functions should return 
>>SSL_ERROR_WANT_* return codes, shouldn't they?
>>    
>>
>
>  
>
>>PS: However, on AIX 4.2 and earlier, this didn't seem to be a problem. 
>>Funny, isn't it? (But these versions are not supported by IBM anymore!)
>>    
>>
>
>It's not SSL_connect() etc. that will return these error codes,
>it's SSL_get_error().  But probably you meant that, or you would
>not get SSL_ERROR_SYSCALL.
>
>Can you tell what is going on by looking at the definition of
>SSL_get_error (ssl/ssl_lib.c) and BIO_sock_should_retry and
>BIO_sock_non_fatal_error (crypto/bio/bss_bio.c)?  You might want to
>add some debugging output in BIO_sock_non_fatal_error().
>
>  
>

Hi Bodo,

you're right with the statement about the functions. Sorry, did the work 
a few weeks ago. :-)

I need to further trace it down. Just by inspecting the code I cannot 
see the cause for it. This will take a week 'cause I need access to an 
AIX 5.1 machine and cannot do this here from home.

But so far, I can tell you that when SSL_get_error() returns 
SSL_ERROR_SYSCALL and you inspect errno, it tells EWOULDBLOCK or EAGAIN. 
By  repeating the SSL_* call as long as this condition occurs, I can 
overcome the problem and the SSL handshake and communication works 
perfectly. Oh...it's in a multi-threaded application, too! Maybe this 
helps (OpenSSL compiled with the correct switch for MT - I hope)

I'll get back to you next week (Thursday or Friday)

Ralph


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]























					Reply via email to