[openssl-users] Response from server is lost on close

Thu Dec 3 03:15:54 UTC 2015

Thanks Jakob & Michael for your reply.
I'm using openssl to interact with apple's APNS server. Sending data as
fast as possible, most of the time APNS server don't reply, but in some
circumstance, APNS server will rely with a response and then close the
connection. So the RST is expected most of the time if APNS don't process
all received data.

At first i doubt this is maybe properties of TCP : tcp discard received
data on RST.  and i do some test on TCP not openssl.
1. client
write data until the connection is broken, sleep for a number of seconds,
then try to read. the response can be read.
2. server
on accept, don't read the data, sleep for a number of seconds. and write
some bytes ,then just exit.
here is result of tcpdump on closing:

09:50:10.188952 IP xx.90.82.138.irisa > 10.241.95.197.48252: Flags [P.],
seq 730306105:730306205, ack 1556413186
Connection was reset.,nop,TS val 118133437 ecr 511650777], length 100

09:50:10.188963 IP 10.241.95.197.48252 > xx.90.82.138.irisa: Flags [.], ack
100, win 6, options [nop,nop,TS val
511653112 ecr 118133437], length 0

09:50:10.188971 IP xx.90.82.138.irisa > 10.241.95.197.48252: Flags [R.],
seq 100, ack 1, win 39, options [nop,no
p,TS val 118133437 ecr 511650777], length 0

It seems that if data is placed in socket buffer, it can be read. So the
received package could be discard in TCP stack?

Thank you very much.

On Thu, Dec 3, 2015 at 7:53 AM, Michael Wojcik <
Michael.Wojcik at microfocus.com> wrote:

> Just to amplify on Jakob's response: the reason that sometimes you see the
> reply is that sometimes your application manages to get it from the stack
> before the stack receives and processes the RST from the peer. In the
> example you provided, there was a 52ms window in which you could have read
> that response before the RST told the stack to throw it away.
>

>
> If the conversation is aborting for cause - for example because the peer
> process exited without reading some received data - then this is the
> correct behavior. If the peer is causing the RST by mucking around with the
> SO_LINGER socket option, then the peer application is probably broken.
> (There are cases where an application might legitimately want to send an
> RST rather than a FIN, but they're few and far between.)
>
>
>
> In any event, you're at the mercy of TCP's semantics. When the
> conversation is aborted, rather than terminated normally, unprocessed data
> goes away. That's a Good Thing, because the peer has no way of knowing
> whether you received it.
>
>
>
> As is usually the case with this sort of issue, the real question is what
> problem are you actually trying to solve? "How can I make TCP behave
> differently?" is not the right question.
>
>
>
> Michael Wojcik
> Technology Specialist, Micro Focus
>
>
>
>
>
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
>

-- 
Anty Rao
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151203/857e5561/attachment.html>