[openssl-users] SSL_connect returns SSL_ERROR_SYSCALL and errno == EWOULDBLOCK

Matt Caswell matt at openssl.org
Fri Sep 7 09:24:28 UTC 2018



On 07/09/18 09:16, Jahn, Gerhard wrote:
> Hi,
>  
> We are using OpenSSl 1.0.2n in our server running on LINUX.
> We call SSL_connect() on async socket (after TCP connect completion) to
> establish a secure connection.
> According to DOC SSL_get_error(() has to be called if SSL_connect()
> returns <=0
>  
> We do not understand what to do if SSL_get_error(() returns
> SSL_ERROR_SYSCALLand errno is EWOULDBLOCK
> If SSL_get_error returns SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE it
> pretty clear what to do…
> (we set the socket descriptor either in the readfds or writefds and call
> select to wait until the socket becomes readable or writeable (or times-out)
> But when EWOULDBLOCK is indicated, we do not know whether to wait for
> readable/writeable……
> (setting both might be an idea but could easily lead to a live-loop as
> we suppose that the handshake either waits for a read or for a write but
> not both…

That's quite a surprising result. Possibly intervening code somewhere
between the sys call and where you check errno has changed its value?

The "correct" answer is that if you get SSL_ERROR_SYSCALL then the
connection has failed and you shouldn't use that connection any more.
Have you checked the openssl error stack for any reported issues?

Matt



>  
> Any ideas?
> Thanks
>  
> Mit freundlichen Grüßen/Best regards,
> *____________
> **Gerhard Jahn*
> 
> Identity and Access Management
>  
> Phone:  +49 (211) 399-33276
> Phone:  +49 (211) 399-22891
> Email: _gerhard.jahn at atos.net_ <mailto:gerhard.jahn at atos.net>
> Otto-Hahn-Ring 6
> 81739 München, Germany
> de.atos.net
> 
> Atos Information Technology GmbH; Geschäftsführung: Winfried Holz, Udo
> Littke; Vorsitzender des Aufsichtsrats: N.N.; Sitz der Gesellschaft:
> München; Registergericht: München, HRB 235509.
> 
> Diese E-Mail und etwaige Anlagen enthalten firmenvertrauliche
> Informationen, die ausschließlich für den Empfänger bestimmt sind.
> Sollten Sie diese E-Mail irrtümlich erhalten haben, benachrichtigen Sie
> bitte unverzüglich den Absender per Antwort-Mail und löschen Sie diese
> E-Mail nebst Anlagen von Ihrem System. Da die Integrität innerhalb des
> Internets nicht zu gewährleisten ist, kann die Atos Gruppe für die
> Inhalteder Nachricht kein Haftung übernehmen. Obwohl der Absender
> anstrebt ein virusfreies Computernetzwerk sicherzustellen, kann der
> Absender nicht gewährleisten, dass diese E-Mail virusfrei ist und wird
> damit keine Haftung bei Schäden auf Grund einer Virusübermittlung
> übernehmen.
> 
> This e-mail and the documents attached are confidential and intended
> solely for the addressee; it may also be privileged. If you receive this
> e-mail in error, please notify the sender immediately and destroy it. As
> its integrity cannot be secured on the Internet, the Atos group
> liability cannot be triggered for the message content. Although the
> sender endeavors to maintain a computer virus-free network, the sender
> does not warrant that this transmission is virus-free and will not be
> liable for any damages resulting from any virus transmitted.
>  
>  
>  
>  
> 
> 


More information about the openssl-users mailing list