[openssl-users] Sudden control data sent during large transfer.

J Decker d3ck0r at gmail.com
Mon Dec 25 21:57:10 UTC 2017


I found the real issue... recently I fixed a signed/unsigned comparison
warning by adding a (int) to the unsigned side, which made the result of
send() be compared differently, and was triggering when send() would return
-1 (with EAGAIN/WSAEWOULDBLOCK) would cause me to think it was a short send
( result < amount_to_send ) { /* sent less than full packet */ }  so I
ended up backing up the send offset by 1 byte instead of 0 bytes... this
was then injecting 1 extra byte into the TCP layer.


On Mon, Dec 25, 2017 at 1:38 PM, Jakob Bohm <jb-openssl at wisemo.com> wrote:

> On 23/12/2017 04:06, J Decker wrote:
>
>> How can I know what/why openssl is sending control data?
>>
>> It's variable by the time it starts sending 31 byte packets... Also
>> depends on the connection; although at this time I'm able to generate the
>> problem on localhost... I was able to transfer from a remote server to
>> myself with no issues...
>>
>> I think you need to be a lot more clear for anyone to understand your
> problem.
>
> What exactly do you mean by "control data"?
>

alerts/HelloRequest/renegotation?


>
> What is the layering of protocols here?
> Is it:
>    bulk data => WebSockets => TLS => TCP => network
>
> In what direction is the bulk data being sent: TLS client to TLS
> server or TLS server to TLS client?
>
server to client.

>
> In what direction is the initial 31 byte "control packet" being
> sent: TLS client to TLS server or TLS server to TLS client?
>
> client to server

> Also, if possible, could you report the (decrypted if applicable)
> content of those initial 31 bytes?  Perhaps also the later 31 byte
> packets (including their order of occurrence and direction of
> transmission)?
>
> Can you see what the "packets" are?
>

I wouldn't know the decrypted bytes because I would get them from the wbio
from the TLS Object.
Well that's kinda what I was more asking; can I somehow register a callback
for when alerts are generated so I can see what they are?  Otherwise I
really don't know.



>
> For example, are they TLS alert messages?
>
> Are they TLS HelloRequest messages?


>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171225/e8dd619d/attachment-0001.html>


More information about the openssl-users mailing list