I have an SSL proxy server.  Intermittently, SSL_read will fail.  It's been
very hard for me to get debugging information because it is intermittent,
but I have a core dump now (I used an assert to get the core, the library
did not segfault or anything).  This seems to happen even though the
connection appears to have successfully transferred data in the past.
Also, it's worth noting that this is a highly multithreaded server so it's
possible that many things are happening with the SSL library in other
threads, but I've tried to follow all the thread concurrency rules, and
nothing else should be messing with the bios or ssl objects in use by this
thread.

Here's what happens:

SSL_read returns less than zero
SSL_get_error returns SSL_ERROR_SSL

Using ERR_get_error and ERR_error_string_n results in:

error:1409F080:SSL routines:SSL3_WRITE_PENDING:bio not set
error:1408A0E2:SSL routines:SSL3_GET_CLIENT_HELLO:clienthello tlsext

Below is some output from the core describing the ssl object and the bios.
If anybody could shed some light on this, I would really appreciate it.

One thing that may be different than most people that I have going on is
that I have a custom bio that is part of the chain to the client when the
connection is established and later removed, but the connection to the
server (What is producing this error) never sees any bio funny business, so
I don't think that should have any sort of impact.

(gdb) print *connptr->sbuffer->ssl
$5 = {version = 770, type = 4096, method = 0x7f136dff2880, rbio =
0x7f133052d640, wbio = 0x7f133052d640, bbio = 0x0, rwstate = 3,
in_handshake = 0, handshake_func = 0x7f136ddb8aa0, server = 0, new_session
= 0, quiet_shutdown = 0, shutdown = 0, state = 3, rstate = 240,
  init_buf = 0x0, init_msg = 0x7f133056d644, init_num = 0, init_off = 0,
  packet = 0x7f1360464153
"\027\003\002\f\340\371O\024\206\062\376RG\321\351i\223\005G\241lHTTP/1.1
200 OK\r\nDate: Tue, 12 Aug 2014 20:22:19 GMT\r\nContent-Type: text/xml;
charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection:
keep-alive\r\nVary: Accept-Encoding\r\nStrict-Tran"..., packet_length = 0,
s2 = 0x0, s3 = 0x7f133035f0d0, d1 = 0x0, read_ahead = 0, msg_callback = 0,
msg_callback_arg = 0x0, hit = 0, param = 0x7f13301d5cf0, cipher_list = 0x0,
cipher_list_by_id = 0x0, mac_flags = 0, enc_read_ctx = 0x7f133057b530,
  read_hash = 0x7f133057b4f0, expand = 0x0, enc_write_ctx = 0x7f133057ae50,
write_hash = 0x7f133057a8d0, compress = 0x0, cert = 0x7f133052d510,
sid_ctx_length = 0, sid_ctx = '\000' <repeats 31 times>, session =
0x7f1330413cc0, generate_session_id = 0, verify_mode = 0,
  verify_callback = 0x456d19 <certificate_verification_callback+108>,
info_callback = 0, error = 0, error_code = 0, psk_client_callback = 0,
psk_server_callback = 0, ctx = 0x202bbb0, debug = 0, verify_result = 0,
ex_data = {sk = 0x0, dummy = 0}, client_CA = 0x0,
  references = 1, options = 2147486719, mode = 0, max_cert_list = 102400,
first_packet = 0, client_version = 770, max_send_fragment = 16384,
tlsext_debug_cb = 0, tlsext_debug_arg = 0x0, tlsext_hostname =
0x7f133026fd90 "lastpass.com", servername_done = 0,
  tlsext_status_type = -1, tlsext_status_expected = 0, tlsext_ocsp_ids =
0x0, tlsext_ocsp_exts = 0x0, tlsext_ocsp_resp = 0x0, tlsext_ocsp_resplen =
-1, tlsext_ticket_expected = 1, tlsext_ecpointformatlist_length = 3,
tlsext_ecpointformatlist = 0x7f133011aa90 "",
  tlsext_ellipticcurvelist_length = 50, tlsext_ellipticcurvelist =
0x7f13302f5090 "", tlsext_opaque_prf_input = 0x0,
tlsext_opaque_prf_input_len = 0, tlsext_session_ticket = 0x0,
tls_session_ticket_ext_cb = 0, tls_session_ticket_ext_cb_arg = 0x0,
  tls_session_secret_cb = 0, tls_session_secret_cb_arg = 0x0, initial_ctx =
0x202bbb0, next_proto_negotiated = 0x0, next_proto_negotiated_len = 0
'\000', srtp_profiles = 0x0, srtp_profile = 0x0, tlsext_heartbeat = 1,
tlsext_hb_pending = 0, tlsext_hb_seq = 0,
  renegotiate = 0, srp_ctx = {SRP_cb_arg = 0x0,
TLS_ext_srp_username_callback = 0, SRP_verify_param_callback = 0,
SRP_give_srp_client_pwd_callback = 0, login = 0x0, N = 0x0, g = 0x0, s =
0x0, B = 0x0, A = 0x0, a = 0x0, b = 0x0, v = 0x0, info = 0x0, strength =
1024,
    srp_Mask = 0}}

(gdb) print *connptr->sbuffer->ssl->rbio
$6 = {method = 0x7f136db8a5e0, callback = 0, cb_arg = 0x0, init = 1,
shutdown = 0, flags = 9, retry_reason = 0, num = 91, ptr = 0x0, next_bio =
0x0, prev_bio = 0x0, references = 1, num_read = 7752, num_write = 2188,
ex_data = {sk = 0x0, dummy = 862740789}}

(gdb) print *connptr->sbuffer->ssl->wbio
$7 = {method = 0x7f136db8a5e0, callback = 0, cb_arg = 0x0, init = 1,
shutdown = 0, flags = 9, retry_reason = 0, num = 91, ptr = 0x0, next_bio =
0x0, prev_bio = 0x0, references = 1, num_read = 7752, num_write = 2188,
ex_data = {sk = 0x0, dummy = 862740789}}


-- 
*David Hinkle*

*Senior Software Developer*

*Phone:*  800.243.3729x3000

*Email:*  hin...@cipafilter.com

*Hours:*  Mon-Fri   8:00AM-5:00PM (CT)
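
Added example, not part of the original message: a small C decoder for the two packed error codes quoted above and for the first five bytes of ssl->packet in the gdb dump. It assumes the OpenSSL 1.0.x error-code layout (8-bit library, 12-bit function, 12-bit reason); the struct and function names are illustrative.

```c
#include <stdio.h>
#include <stddef.h>

/* Assumption: OpenSSL 1.0.x packed error layout
 * (8-bit lib << 24 | 12-bit func << 12 | 12-bit reason). */
struct err_parts { int lib, func, reason; };

struct err_parts decode_err(unsigned long e)
{
    struct err_parts p;
    p.lib    = (int)((e >> 24) & 0xffUL);
    p.func   = (int)((e >> 12) & 0xfffUL);
    p.reason = (int)(e & 0xfffUL);
    return p;
}

/* TLS record header: type(1) | version(2) | length(2), big-endian. */
struct tls_rec { int type, version, length; };

/* Returns 0 on success, -1 if fewer than 5 bytes are available. */
int parse_record_header(const unsigned char *buf, size_t n, struct tls_rec *out)
{
    if (buf == NULL || out == NULL || n < 5)
        return -1;
    out->type    = buf[0];
    out->version = (buf[1] << 8) | buf[2];
    out->length  = (buf[3] << 8) | buf[4];
    return 0;
}

/* First five bytes of ssl->packet from the dump: "\027\003\002\f\340". */
static const unsigned char dump_packet[5] = { 0x17, 0x03, 0x02, 0x0c, 0xe0 };

int main(void)
{
    /* The two codes from the ERR_error_string_n output in the message. */
    static const unsigned long codes[] = { 0x1409F080UL, 0x1408A0E2UL };
    struct tls_rec r;
    size_t i;

    for (i = 0; i < sizeof codes / sizeof codes[0]; i++) {
        struct err_parts p = decode_err(codes[i]);
        printf("%08lX lib=%d func=%d reason=%d\n",
               codes[i], p.lib, p.func, p.reason);
    }
    if (parse_record_header(dump_packet, sizeof dump_packet, &r) == 0)
        printf("record type=%d version=0x%04x length=%d\n",
               r.type, r.version, r.length);
    return 0;
}
```

Library 20 is ERR_LIB_SSL. The record header decodes to application data (type 23) with version 0x0302, the same value as version = 770 in the dump.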
