[openssl-users] Crash in SSL_do_handshake: s->method->ssl_renegotiate_check(s)

Michael Clark michael at metaparadigm.com
Sat Apr 4 19:46:56 UTC 2015


Hi,

I am trying to write the simplest possible example of an async TLS
client and server using non-blocking IO and
SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE events. The main purpose is to
test the async IO code paths with a) an absence of all of the complex
options in s_client and s_server, and b) self-contained source that is
easy to read.

I am having an issue where the server crashes on subsequent connections
*if* I close the connection file descriptor. See the note in
openssl_async_echo_server.cc on line 239. If I leak a file descriptor
and the next connection uses a new fd then the server works fine. Does
openssl have an internal map of file descriptors? Am I freeing the
connection correctly?

  SSL_free(ssl_conn.ssl);
  // TODO - crashes on subsequent connections in SSL_do_handshake if we close the fd.
  //        ssl_lib.c::SSL_do_handshake::s->method->ssl_renegotiate_check(s);
  //        Why? reuse of same fd number for subsequent connection?
  //        comment the following line and the server works but leaks fds
  close(ssl_conn.conn_fd);

Here is the code:

  https://github.com/michaeljclark/async_tls_test/blob/master/src/openssl_async_echo_server.cc
  https://github.com/michaeljclark/async_tls_test/blob/master/src/openssl_async_echo_client.cc

Both files are standalone with no dependencies (one of the goals) and
can be compiled like so:

  clang++ -std=c++11 openssl_async_echo_client.cc -lcrypto -lssl -o openssl_async_echo_client
  clang++ -std=c++11 openssl_async_echo_server.cc -lcrypto -lssl -o openssl_async_echo_server

or alternatively they can be built using the Makefile in the git repo,
which contains all dependencies besides openssl, e.g. demo cert.pem,
key.pem and cacert.pem:

  https://github.com/michaeljclark/async_tls_test/

e.g.

  git clone https://github.com/michaeljclark/async_tls_test.git
  cd async_tls_test
  make

I would appreciate it if anyone could help me out. It may well be a bug in
my demo code or it could be a bug in openssl.

I've used a smattering of C++1y where it simplifies the code (connection
hash table, poll descriptor management) but it is mostly plain C.

A simple example of a *working* async openssl client and server would be
quite useful...

Michael.
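
The message above asks whether reuse of the same fd number matters. POSIX hands out the lowest free descriptor number, so any table keyed by fd has to drop its entry before close(), or the next connection finds the previous connection's state. The sketch below is an added example, not code from the post or its repository, and it does not establish the cause of the crash described; conn_state, conn_table and the function names are hypothetical, and an AF_UNIX socket stands in for an accepted connection.

```cpp
// Added illustration; not taken from openssl_async_echo_server.cc.
#include <sys/socket.h>
#include <unistd.h>
#include <cstdio>
#include <memory>
#include <unordered_map>

// Hypothetical stand-in for per-connection TLS state (a real server holds an SSL*).
struct conn_state { int conn_fd; bool handshake_done; };
using conn_table = std::unordered_map<int, std::unique_ptr<conn_state>>;

static int open_conn_fd() { return socket(AF_UNIX, SOCK_STREAM, 0); }

// POSIX allocates the lowest free descriptor, so a closed number comes straight back.
bool fd_number_reused() {
    int a = open_conn_fd();
    close(a);
    int b = open_conn_fd();
    close(b);
    return a >= 0 && a == b;
}

// Teardown that keeps table and descriptor in step: drop the state, then close.
void close_connection(conn_table &table, int fd) {
    table.erase(fd);  // frees conn_state; a TLS server would SSL_free() here
    close(fd);        // after this the number can belong to a new connection
}

// True if a new connection on the reused number would inherit the old entry.
bool stale_state_after_reuse(bool erase_entry) {
    conn_table table;
    int fd1 = open_conn_fd();
    table[fd1].reset(new conn_state{fd1, true});
    if (erase_entry) close_connection(table, fd1);
    else close(fd1);  // entry left behind, keyed by a number that is now free
    int fd2 = open_conn_fd();
    bool stale = fd2 == fd1 && table.count(fd2) != 0;
    table.erase(fd2);
    close(fd2);
    return stale;
}

int main() {
    std::printf("fd number reused: %d\n", fd_number_reused());
    std::printf("stale entry, close only: %d\n", stale_state_after_reuse(false));
    std::printf("stale entry, erase then close: %d\n", stale_state_after_reuse(true));
    return 0;
}
```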


