Re: How to prevent SSL from blocking from Network interruption

Thu, 19 Jul 2007 20:57:45 -0700 

David Schwartz wrote:

We are working on a threaded solution but right now we are using some
third-party code (Webs 2.18) which is single threaded.


That's fine, but if you using blocking calls in a single-threaded
application, you can really only handle one client at a time.

I know :( Which is why we are writing our own code now, but that doesn't 
fix the current problem.



I just let telnet connect and don't type anything. The connection
remains 'ESTABLISHED'. and no other client connections will work (e.g.
wclient2). This is basically the behavior we are seeing with our
application. A client connects and never sends any data, so it remains
connected, hence blocking any other client from communicating.


The application elected to block until the negotiation was finished. That's
a pretty dumb thing for an application to do.


This seems to me (in my very novice opinion) to be an issue with
openSSL, in the sense that if it doesn't get a handshake (or some other
data) on the connection it should close the connection after a period of
time.


OpenSSL tries to make SSL connections act like regular TCP connections. This
is exactly what TCP does. So your application would have this exact same
problem with or without OpenSSL. As such, how can you blame it on OpenSSL?

I suppose re-reading what I wrote it does sound like I am pointing a 
finger but that was not my intention. I'm looking for advice on how to 
fix our problem. I was hoping for a "silver bullet" - just call this 
function and all will be fine type of answer. Wishful thinking, I know.


Blocking socket operations are very difficult to use. I strongly urge you to
switch to non-blocking operations.

Having only done minimal socket programming, I'm in a bit of a steep 
learning curve right now. Other then understanding what a blocking and 
non-blocking operation is, I don't fully understand the ramifications of 
switching to non-blocking I/O. Compounding this issue is the third party 
code, which was clearly written with blocking I/O :(


I appreciate your time!

Thanks
-Jim

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]






















					Reply via email to