[openssl-users] SSL_ERROR_WANT_READ but nothing to read

Narada Hess nhess at Brocade.COM
Tue Mar 17 00:51:51 UTC 2015

I have a client application using a single read-write socket in non-blocking mode. In C, on Linux, using openssl 1.0.1e.  After the connection is established and all the initial handshaking is done, the client issues SSL_read(), then enters a loop of:

-          Interpret results (such as break upon socket close)

-          select() on the socket

-          SSL_read() again
. . . until the expected number of bytes have been read.

The first SSL_read() returns SSL_ERROR_WANT_READ and loops to attempt to retry the operation.  But select() indicates that the socket is not readable, so we block forever and the server times out (the server had written a record which the client never reads).

I experimented by skipping the select() and just sleeping a little, but in that case, infinite retries of SSL_read() did not help.  Another experiment was to try writing some arbitrary data.  That _DID_ seem to help and moved the protocol forwards a bit.  But I shouldn't have to do that - we have nothing to write until we have received the full read record.

In case it matters, the server on the other end is an OpenDaylight controller.  Its logs indicate successful handshake, appropriate cipher suite, etc.  And my test client-server application using this logic works just fine.  Also, no SSL_writes() are happening during this, or any other operation that would change the SSL* object state, AFAIK.

I've tried Wireshark on this, but I have not been able to glean too much from it, as everything is encrypted and also it seems to be showing transport sized packets of 15xx bytes instead of application sized records - could that be pointing at the problem?  I did not set the read_ahead option.

Any ideas?  I have spent hours reading the SSL documentation (such as SSL_get_error) and many, many posts and answers, plus several SSL books.  It seems that I am doing the right thing here.  So why is select() blocking?  There is no outstanding write operation, so shouldn't a retry of SSL_read() clear any handshake/renegotiation stuff?

Thanks for any thoughts.  N
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150317/3e5d66e1/attachment.html>

More information about the openssl-users mailing list