[openssl-users] Crash in SSL_do_handshake: s->method->ssl_renegotiate_check(s)
Michael Clark
michael at metaparadigm.com
Sat Apr 4 19:46:56 UTC 2015
Hi,
I am trying to write the simplest possible example of an async TLS
client and server using non-blocking IO and
SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE events. The main purpose is to
test the async IO code paths with a) an absence of all of the complex
options in s_client and s_server, and b) self-contained source that is
easy to read.
I am having an issue where the server crashes on subsequent connections
*if* I close the connection file descriptor. See the note in
openssl_async_echo_server.cc on line 239. If I leak a file descriptor
and the next connection uses a new fd then the server works fine. Does
openssl have an internal map of file descriptors? Am I freeing the
connection correctly?
    SSL_free(ssl_conn.ssl);
    // TODO - crashes on subsequent connections in SSL_do_handshake if we close the fd.
    // ssl_lib.c::SSL_do_handshake::s->method->ssl_renegotiate_check(s);
    // Why? reuse of same fd number for subsequent connection?
    // comment the following line and the server works but leaks fds
    close(ssl_conn.conn_fd);
Here is the code:
https://github.com/michaeljclark/async_tls_test/blob/master/src/openssl_async_echo_server.cc
https://github.com/michaeljclark/async_tls_test/blob/master/src/openssl_async_echo_client.cc
Both files are standalone with no dependencies (one of the goals) and
can be compiled like so:
    clang++ -std=c++11 openssl_async_echo_client.cc -lcrypto -lssl -o openssl_async_echo_client
    clang++ -std=c++11 openssl_async_echo_server.cc -lcrypto -lssl -o openssl_async_echo_server
or alternatively they can be built using the Makefile in the git repo,
which contains all dependencies besides openssl, e.g. demo cert.pem,
key.pem and cacert.pem:
https://github.com/michaeljclark/async_tls_test/
e.g.
    git clone https://github.com/michaeljclark/async_tls_test.git
    cd async_tls_test
    make
I would appreciate it if anyone could help me out. It may well be a bug in
my demo code or it could be a bug in openssl.
I've used a smattering of C++1y where it simplifies the code (connection
hash table, poll descriptor management) but it is mostly plain C.
A simple example of a *working* async openssl client and server would be
quite useful...
Michael.
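
Added example (not part of the original post and not taken from the poster's repository): the post asks whether reuse of the same fd number matters. POSIX hands out the lowest unused descriptor, so a connection table keyed by fd gives the next connection the previous connection's state unless the entry is erased before close(). The names conn_state, track, fake_accept and the teardown helpers are hypothetical, an AF_UNIX socket stands in for accept(), and this shows the general hazard rather than a diagnosis of the crash.

```cpp
#include <sys/socket.h>
#include <unistd.h>
#include <cstdio>
#include <map>
#include <utility>

// Hypothetical per-connection record; in a TLS server it would also own the SSL*.
struct conn_state { int generation; bool handshake_done; };
struct outcome    { bool fd_reused; int generation_seen; bool handshake_done_seen; };

static std::map<int, conn_state> conns;  // keyed by fd, as in a poll()-driven server

// Stand-in for accept(): POSIX hands out the lowest unused descriptor number.
static int fake_accept() { return socket(AF_UNIX, SOCK_STREAM, 0); }

// insert() does not overwrite: a stale entry under the same key survives.
static conn_state &track(int fd, int generation) {
    return conns.insert(std::make_pair(fd, conn_state{generation, false})).first->second;
}

// Buggy teardown: the descriptor is released but its table entry is left behind.
static void teardown_leaky(int fd) { close(fd); }

// Ordered teardown: forget the state first (SSL_free would go here), then close.
static void teardown_clean(int fd) { conns.erase(fd); close(fd); }

// Two back-to-back connections; report what state the second one starts with.
outcome two_connections(bool clean) {
    conns.clear();
    int fd1 = fake_accept();
    track(fd1, 1).handshake_done = true;      // connection 1 completes its handshake
    if (clean) teardown_clean(fd1); else teardown_leaky(fd1);

    int fd2 = fake_accept();                  // gets the same number as fd1
    conn_state &st = track(fd2, 2);
    outcome r = { fd2 == fd1, st.generation, st.handshake_done };
    teardown_clean(fd2);
    return r;
}

int main() {
    for (int clean = 0; clean <= 1; ++clean) {
        outcome r = two_connections(clean != 0);
        std::printf("%s teardown: fd reused=%d, state from connection %d, handshake_done=%d\n",
                    clean ? "clean" : "leaky", r.fd_reused, r.generation_seen, r.handshake_done_seen);
    }
    return 0;
}
```

With the leaky teardown the second connection starts from connection 1's record (handshake already marked done); with the ordered teardown it starts from a fresh one.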