Type: bug report OS: iOS (but may affect other platforms, mobile in particular) OpenSSL versions: confirmed in 1.0.0.h and 1.0.1 Beta 3
Bug: int BIO_sock_non_fatal_error(int err) in crypto/bio/bss_sock.c returns 1 for ENOTCONN which causes SSL_read to return SSL_ERROR_WANT_READ. In at least some cases, ENOTCONN is fatal. In those cases, the SSL_read caller (in my case, libcurl), ends up calling SSL_read infinitely. This occurs repeatably on iOS and possibly other mobile platforms which tend to tear down socket connections if an app becomes inactive. My workaround has been simply not to include ENOTCONN in the non-fatal codes. This doesn't have any negative side effects in my testing but I'm not sure if it might in general. I don't know enough whether ENOTCONN might be validly returned before TCP handshaking has finished and if, in that case, if the flow of SSL connection creation might go through this function. If that were the case, it seems like it's going to take more significant refactoring to be able to tell from connection context whether ENOTCONN is fatal or not. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
