Hi,
The problem happens most obviously when connecting large numbers
of sockets at once, and it happens on the accepting (server) side.
In the example where I have a test client application opening 500
sockets at maximum speed to a test server, almost every single
connection will get set up properly and begin communicating
quite well. But there are a few that end badly, not because of an
SSL error but because I seem to get out of sync with what SSL
needs. Every time, things break down because there's data
waiting on the socket that SSL doesn't read. In every case
this fails, FIONREAD tells me 51 bytes before read, 51 after.
This can happen during the setup phase, where I am calling
SSL_accept; in these cases SSL_accept() never returns 1, tells
me SSL_ERROR_WANT_READ, yet stops reading from the socket.
The other case, which happens less often, is that immediately
after SSL_accept() returns 1 and I mark the connection as
being ready for business, I will get 51 bytes on the socket
- yet my test client has not yet started sending data; the
51 bytes are apparently left over from negotiation, sent by
SSL on the client side, despite SSL_accept() on my side
thinking the negotiation was successful.
MY CODE:
I'm using OpenSSL on non-blocking sockets, using a few threads to
handle select loops and event handling. All critical sections
are threadsafe, including calls to SSL; no overlapping calls
are possible. I need to handle well over 1000 active SSL
connections, so things are performance tuned. I use a per-
connection status indicator to know what SSL action is
pending each time I get a network event. These are the states
I handle (probably overkill, but I wasn't sure of all the
possible cases so I covered all indicated; OnReceive and OnSend
are my FD_READ/FD_WRITE select event handlers):
* setup:    + an OnReceive SSL_accept() or SSL_connect() is pending
  setup:    + an OnSend SSL_accept() or SSL_connect() is pending
  shutdown: + an OnReceive SSL_shutdown() is pending
  shutdown: + an OnSend SSL_shutdown() is pending
  writing:  + an OnReceive SSL_write() is pending
* writing:  + an OnSend SSL_write() is pending
* reading:  + an OnReceive SSL_read() is pending
  reading:  + an OnSend SSL_read() is pending
The stars indicate states I know for sure happen.
I'm using the 0.9.6 release of SSL on the Win32 platform with
tests running on Win2K Pro. All my code is C++.
Any thoughts are appreciated - cheers.
Jesse
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
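
The per-connection state table described in the post (pending SSL operation plus the select event that retries it), as an added sketch that is not the poster's code and is not a diagnosis of the reported hang. The names Conn, run and onEvent are hypothetical, the SSL call is abstracted as a callback so the sketch runs without OpenSSL, and ignoring an event the pending operation did not ask for is an assumed policy.

```cpp
#include <functional>

// Outcome of one SSL call; a real build would derive this from SSL_get_error().
enum class Result { Done, WantRead, WantWrite, Fatal };
enum class Op { None, Setup, Shutdown, Writing, Reading };
enum class Event { None, Receive, Send };    // OnReceive / OnSend

struct Conn {
    Op pending = Op::None;        // which SSL call must be retried
    Event waitFor = Event::None;  // which select event retries it
    bool failed = false;
};

// Run (or retry) one SSL operation and record what to wait for next.
// `call` stands in for SSL_accept/SSL_connect/SSL_shutdown/SSL_write/SSL_read.
inline Result run(Conn& c, Op op, const std::function<Result()>& call) {
    Result r = call();
    switch (r) {
    case Result::WantRead:  c.pending = op; c.waitFor = Event::Receive; break;
    case Result::WantWrite: c.pending = op; c.waitFor = Event::Send;    break;
    case Result::Done:      c.pending = Op::None; c.waitFor = Event::None; break;
    case Result::Fatal:     c.pending = Op::None; c.waitFor = Event::None; c.failed = true; break;
    }
    return r;
}

// Select-loop handler: an event retries the pending operation only if it is
// the event that operation asked for (assumed policy); otherwise no SSL call.
inline bool onEvent(Conn& c, Event ev, const std::function<Result()>& call) {
    if (c.pending == Op::None || c.waitFor != ev) return false;
    run(c, c.pending, call);
    return true;
}

int main() {
    Conn c;
    int step = 0;
    // Constructed script: handshake wants a read, then a write, then completes.
    const Result script[] = {Result::WantRead, Result::WantWrite, Result::Done};
    auto handshake = [&]() { return script[step++]; };
    run(c, Op::Setup, handshake);           // now "setup + OnReceive"
    onEvent(c, Event::Send, handshake);     // ignored: wrong event, no SSL call
    onEvent(c, Event::Receive, handshake);  // now "setup + OnSend"
    onEvent(c, Event::Send, handshake);     // handshake done, connection idle
    return (c.pending == Op::None && step == 3) ? 0 : 1;
}
```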