[openssl-users] SSL_ERROR_WANT_READ but nothing to read
Matt Caswell
matt at openssl.org
Tue Mar 17 11:03:21 UTC 2015
On 17/03/15 00:51, Narada Hess wrote:
> Hi,
>
> I have a client application using a single read-write socket in
> non-blocking mode. In C, on Linux, using openssl 1.0.1e. After the
> connection is established and all the initial handshaking is done, the
> client issues SSL_read(), then enters a loop of:
>
> - Interpret results (such as break upon socket close)
>
> - select() on the socket
>
> - SSL_read() again
>
> . . . until the expected number of bytes have been read.
>
>
>
> The first SSL_read() returns SSL_ERROR_WANT_READ and loops to attempt to
> retry the operation. But select() indicates that the socket is not
> readable, so we block forever and the server times out (the server had
> written a record which the client never reads).
>
>
>
> I experimented by skipping the select() and just sleeping a little, but
> in that case, infinite retries of SSL_read() did not help. Another
> experiment was to try writing some arbitrary data. That _/DID/_ seem to
> help and moved the protocol forwards a bit. But I shouldn’t have to do
> that – we have nothing to write until we have received the full read record.
>
>
>
> In case it matters, the server on the other end is an OpenDaylight
> controller. Its logs indicate successful handshake, appropriate cipher
> suite, etc. And my test client-server application using this logic
> works just fine. Also, no SSL_writes() are happening during this, or
> any other operation that would change the SSL* object state, AFAIK.
>
>
>
> I’ve tried Wireshark on this, but I have not been able to glean too much
> from it, as everything is encrypted and also it seems to be showing
> transport sized packets of 15xx bytes instead of application sized
> records – could that be pointing at the problem? I did not set the
> read_ahead option.
>
>
>
> Any ideas? I have spent hours reading the SSL documentation (such as
> SSL_get_error) and many, many posts and answers, plus several SSL
> books. It seems that I am doing the right thing here. So why is
> select() blocking? There is no outstanding write operation, so
> shouldn’t a retry of SSL_read() clear any handshake/renegotiation stuff?
>
Are you sure the record that the server wrote actually got sent across
the network?

Have you tried connecting to the server using s_client? Does that succeed?

Matt
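
The quoted question notes that Wireshark shows transport-sized packets rather than application-sized records. The following is an added example, not code from this thread or from OpenSSL: a C function that walks the reassembled TCP payload of one direction and reports how many TLS records are complete and how many bytes of the last one are still outstanding. SSL_read() on a non-blocking socket reports SSL_ERROR_WANT_READ until every byte of a record has arrived. The names tls_scan and tls_scan_records and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define TLS_HDR_LEN 5                 /* type(1) + version(2) + length(2) */
#define TLS_MAX_BODY (16384 + 2048)   /* TLS 1.2 ciphertext limit, RFC 5246 6.2.3 */

struct tls_scan {
    size_t complete;  /* records fully present in the buffer */
    size_t missing;   /* bytes needed to finish the trailing partial record or header */
    int malformed;    /* 1 if a header does not look like a TLS record */
};

/* Walk reassembled TCP payload bytes record by record (illustrative helper). */
struct tls_scan tls_scan_records(const uint8_t *buf, size_t len)
{
    struct tls_scan r = {0, 0, 0};
    size_t off = 0;
    while (off < len) {
        size_t avail = len - off;
        if (avail < TLS_HDR_LEN) {            /* header split across segments */
            r.missing = TLS_HDR_LEN - avail;  /* body length not yet known */
            break;
        }
        size_t body = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        /* content types 20..24: CCS, alert, handshake, app data, heartbeat */
        if (buf[off] < 20 || buf[off] > 24 || buf[off + 1] != 3 ||
            body > TLS_MAX_BODY) {
            r.malformed = 1;
            break;
        }
        if (avail - TLS_HDR_LEN < body) {     /* record continues in a later segment */
            r.missing = body - (avail - TLS_HDR_LEN);
            break;
        }
        r.complete++;
        off += TLS_HDR_LEN + body;
    }
    return r;
}

int main(void)
{
    /* Constructed sample: 4000-byte application-data record, first 1448 bytes only. */
    uint8_t seg[1448] = {23, 3, 3, 0x0f, 0xa0};
    struct tls_scan r = tls_scan_records(seg, sizeof seg);
    printf("complete=%zu missing=%zu malformed=%d\n", r.complete, r.missing, r.malformed);
    return 0;
}
```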