[openssl-users] SSL_ERROR_WANT_READ but nothing to read

Narada Hess nhess at Brocade.COM
Tue Mar 17 22:47:31 UTC 2015 

In case anyone is following this thread, Matt's suggestion led to the solution.  It turns out we weren't getting a packet from the remote end and all my angst was for naught.  Thanks, Matt, for your help.  N

-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Matt Caswell
Sent: Tuesday, March 17, 2015 4:03 AM
To: openssl-users at openssl.org
Subject: Re: [openssl-users] SSL_ERROR_WANT_READ but nothing to read

On 17/03/15 00:51, Narada Hess wrote:
> HI,
> 
> I have a client application using a single read-write socket in 
> non-blocking mode. In C, on Linux, using openssl 1.0.1e.  After the 
> connection is established and all the initial handshaking is done, the 
> client issues SSL_read(), then enters a loop of:
> 
> -          Interpret results (such as break upon socket close)
> 
> -          select() on the socket
> 
> -          SSL_read() again
> 
> . . . until the expected number of bytes have been read.
> 
>  
> 
> The first SSL_read() returns SSL_ERROR_WANT_READ and loops to attempt 
> to retry the operation.  But select() indicates that the socket is not 
> readable, so we block forever and the server times out (the server had 
> written a record which the client never reads).
> 
>  
> 
> I experimented by skipping the select() and just sleeping a little, 
> but in that case, infinite retries of SSL_read() did not help.  
> Another experiment was to try writing some arbitrary data.  That 
> _/DID/_ seem to help and moved the protocol forwards a bit.  But I 
> shouldn't have to do that - we have nothing to write until we have received the full read record.
> 
>  
> 
> In case it matters, the server on the other end is an OpenDaylight 
> controller.  Its logs indicate successful handshake, appropriate 
> cipher suite, etc.  And my test client-server application using this 
> logic works just fine.  Also, no SSL_writes() are happening during 
> this, or any other operation that would change the SSL* object state, AFAIK.
> 
>  
> 
> I've tried Wireshark on this, but I have not been able to glean too 
> much from it, as everything is encrypted and also it seems to be 
> showing transport sized packets of 15xx bytes instead of application 
> sized records - could that be pointing at the problem?  I did not set 
> the read_ahead option.
> 
>  
> 
> Any ideas?  I have spent hours reading the SSL documentation (such as
> SSL_get_error) and many, many posts and answers, plus several SSL 
> books.  It seems that I am doing the right thing here.  So why is
> select() blocking?  There is no outstanding write operation, so 
> shouldn't a retry of SSL_read() clear any handshake/renegotiation stuff?
> 

Are you sure the record that the server wrote actually got sent across the network?

Have you tried connecting to the server using s_client? Does that succeed?

Matt

_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

More information about the openssl-users mailing list