SSL_Connect always returrns SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE and stuck in infinite loop

[Amit Prajapati]

Hi All,

I am using below code for creating SSL connection over a non-blocking
socket:
-----------------------------------------------------
    ssl_error = SSL_connect(ssl_ctxt);
    if (ssl_error <= 0) {
        ssl_error = SSL_get_error(ssl_ctxt, ssl_error);
        switch (ssl_error) {
            case SSL_ERROR_WANT_READ:
            case SSL_ERROR_WANT_WRITE:
                return RETRY;
            default:
                ERR_load_crypto_strings();
                printf("SSL_connect failed  %s:%d",
                           ERR_error_string(ERR_get_error(), NULL),
ssl_error);
                ERR_free_strings();
                return FAIL;
        }
    }
------------------------------------------------------------
As per Openssl doc, when above function returns RETRY, I am again
polling on my 'fd' with epoll_wait(), and retrying SSL_conn, below is the
pseudo code for it.
------------------------------------------
event.events  = EPOLLOUT;
event.data.fd = fd;
epoll_ctl(epoll_fd, EPOLL_CTL_ADD, fd, &event)
event_count = epoll_wait(epoll_fd, events, MAX_EVENTS, 1000);
if(event_count > 0) {
     //Call SSL_connect again.
}
-----------------------------------------------
Most of the time it's working fine, but sometimes I am observing that
connection is not getting established and SSL_connect always returns
SSL_ERROR_WANT_READ/SSL_ERROR_WANT_READ, which is resulting into an
infinite loop.

Can you please help me if there is something wrong in my code while
handling these errors? or How I can gracefully come out of this situation
and avoid infinite loop ?

Thanks in advance.

Regards,
Amit
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20220320/2d8a51df/attachment.htm>