[openssl-users] OpenSSL non-blocking epoll hanging on data receiving

Matt Caswell matt at openssl.org
Fri May 27 13:43:41 UTC 2016



On 27/05/16 13:23, counterpoint wrote:
> Thanks for the comments, Matt.
> 
>> read_ahead and SSL_pending() do not play nicely together unfortunately.
>> See the master (1.1.0) version of the SSL_pending() documentation which
>> discusses this issue and introduced the new function SSL_has_pending()
>> which addresses it:
> 
>> https://www.openssl.org/docs/manmaster/ssl/SSL_pending.html
> 
> I looked at SSL_has_pending, but can't easily use it as the software needs
> to build on standard distributions, as far as possible, and it isn't in e.g.
> CentOS 6.5
> 
>> So it sounds like this is during reading of application data? Has
>> SSL_accept() returned successfully, and you are now wanting to call
>> SSL_read()?
> 
> It's getting a lot further than that. The SSL_accept returns success, and a
> whole series of SSL_read and SSL_write calls look to be operating fine. It
> appears that most of the 500KB of data used in the test is transferred, but
> (probably near the end) the process hangs. Presumably SSL_pending is
> returning 0 and there are no further EPOLLIN events.  Or something like
> that.
> 
> I expected that turning off read ahead would fix both server and client, but
> it seems not. I've read all the configuration options I can find, but so far
> haven't found a solution to the server side application.

It would be interesting to know what the value of "s->s3->rbuf.left" is
(where "s" is your SSL object) when it gets to this point. SSL_pending()
tells you how much buffered and processed data is left that OpenSSL can
provide. The above value tells you how much buffered and raw
*unprocessed* data is left. If you've turned read_ahead off it should be
zero. I wouldn't recommend looking at that in a production app (you
won't be able to access it in 1.1.0) but for debugging purposes it would
be interesting.

Matt



More information about the openssl-users mailing list