Re: SSL_accept core dumps..

Mon, 19 Jul 2004 10:10:39 -0700 

hello,
  sesssion handling functions must be called before SSL_accept. make sure
to flush sessions (SSL_CTX_flush_sessions) before calling routines for
session handling (SSL_CTX_sess_set_new_cb,
SSL_CTX_sess_set_get_cb,SSL_CTX_sess_set_remove_cb).

Also try cleaning up the structures before SSL_accept

    SSL_clear(ssl);
    SSL_set_session(ssl,NULL);
    SSL_set_accept_state(ssl);

modssl has the following comment about openssl's SSL_shutdown.

/*
** mod_ssl shutdown function call
*/
int SSL_smart_shutdown(SSL *ssl)
{
    int i;
    int rc;

    /*
     * Repeat the calls, because SSL_shutdown internally dispatches through a
     * little state machine. Usually only one or two interation should be
     * needed, so we restrict the total number of restrictions in order to
     * avoid process hangs in case the client played bad with the socket
     * connection and OpenSSL cannot recognize it.
     */

    rc = 0;
    for (i = 0; i < 4 /* max 2x pending + 2x data = 4 */; i++) {
        if ((rc = SSL_shutdown(ssl)))
            break;
    }

    return rc;
}




Cheers,
ganesh


> Hi ,
>
> My Secure server cores with dbx showing it in
> SSL_accept under the following scenario..
>
> 1) Establish a succesful connection with the client.
> 2) Data sent by client is read line by line using
> BIO_gets and simultaneously interpreted.
> 3) Due to an application error the complete data is
> not read from the SSL layer.
> 4) The connection is closed using calls SSL_shutdown,
> BIO_free_all, SSL_free.
> 5) Another client asks for a connection.
> 6) SSL is initialised
> 7) SSL_accept gives core
>
> I have noticed that things work fine when the complete
> data from the underlying SSL layer is read. But cores
> whenever incomplete data reading is done in the
> previous session.
>
> Please let me know if there are any inputs so that I
> could proceed to solve this.
>
> Thanks and Regards,
> Rohit
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to