[openssl-users] SSL_shutdown return error when close in init state(openssl 1.1.0)

李明 mid_li at 163.com
Tue Apr 18 01:56:01 UTC 2017


Hello,
I'm using OpenSSL 1.1.0e in async mode with the Intel QuickAssist Engine to handle HTTPS connections, but there's a problem.
I use the Apache benchmark tool to test the HTTPS connections. The description is as follows:


 client(ab)-------------------------- server(my program)

<---------TCP handshake---------------->
-------------ssl client hello--------------->
<---------server hello,certificate...---------
-----------client key exchange....-------->
//here, server's SSL_do_handshake returns SSL_ERROR_WANT_ASYNC repeatedly,

-----------FIN+ACK---------------------->


//client wants to close the connection, then the server should close the SSL connection. In my program, I intend to close SSL connections in quiet mode:
SSL_set_quiet_shutdown(ssl,1);
SSL_shutdown(ssl);


but SSL_shutdown returns SSL_ERROR_SSL, because SSL_in_init(s) returns true.
int SSL_shutdown(SSL *s)
{
    /*
     * Note that this function behaves differently from what one might
     * expect.  Return values are 0 for no success (yet), 1 for success; but
     * calling it once is usually not enough, even if blocking I/O is used
     * (see ssl3_shutdown).
     */

    if (s->handshake_func == NULL) {
        SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
        return -1;
    }

    if (!SSL_in_init(s)) {
        if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
            struct ssl_async_args args;

            args.s = s;
            args.type = OTHERFUNC;
            args.f.func_other = s->method->ssl_shutdown;

            return ssl_start_async_job(s, &args, ssl_io_intern);
        } else {
            return s->method->ssl_shutdown(s);
        }
    } else {
        SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT);
        return -1;
    }
}



I'm confused. What should I do here?
(1) Just call SSL_free(ssl) to free the SSL connection; then the async engine may call back and use the SSL's waitctx, which causes a crash. Also, I noticed that the SSL's job isn't freed either, which may cause a memory leak;

(2) Continue calling SSL_shutdown(ssl), and it will always return SSL_ERROR_SSL.

Does anybody know? Thanks.




 