[openssl-users] SSL_shutdown return error when close in init state(openssl 1.1.0)
李明
mid_li at 163.com
Tue Apr 18 01:56:01 UTC 2017
Hello
I'm using openssl 1.1.0e in async mode with the Intel QuickAssist Engine to handle https connections, but there's a problem.
I use the apache benchmark tool to test the https connections; the description is as follows:
client(ab)-------------------------- server(my program)
<---------TCP handshake---------------->
-------------ssl client hello--------------->
<---------server hello,certificate...---------
-----------client key exchange....-------->
//here, the server's SSL_do_handshake returns SSL_ERROR_WANT_ASYNC repeatedly,
-----------FIN+ACK---------------------->
//the client wants to close the connection, so the server should close the ssl connection. In my program, I intend to close SSL connections in quiet mode:
SSL_set_quiet_shutdown(ssl,1);
SSL_shutdown(ssl);
but SSL_shutdown returns SSL_ERROR_SSL, because SSL_in_init(s) returns true.
int SSL_shutdown(SSL *s)
{
    /*
     * Note that this function behaves differently from what one might
     * expect. Return values are 0 for no success (yet), 1 for success; but
     * calling it once is usually not enough, even if blocking I/O is used
     * (see ssl3_shutdown).
     */
    if (s->handshake_func == NULL) {
        SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
        return -1;
    }
    if (!SSL_in_init(s)) {
        if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
            struct ssl_async_args args;
            args.s = s;
            args.type = OTHERFUNC;
            args.f.func_other = s->method->ssl_shutdown;
            return ssl_start_async_job(s, &args, ssl_io_intern);
        } else {
            return s->method->ssl_shutdown(s);
        }
    } else {
        SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT);
        return -1;
    }
}
I'm confused. What should I do here?
(1) Just call SSL_free(ssl) to free the SSL connection; then the async engine may call back and use the SSL's waitctx, which causes a crash. Also, I noticed that the SSL's job isn't freed either, which may cause a memory leak;
(2) Continue calling SSL_shutdown(ssl), and it will always return SSL_ERROR_SSL.
Does anybody know? Thanks