[openssl-users] SSL_ERROR_WANT_READ but nothing to read
nhess at Brocade.COM
Tue Mar 17 22:47:31 UTC 2015
In case anyone is following this thread, Matt's suggestion led to the solution. It turns out we weren't getting a packet from the remote end and all my angst was for naught. Thanks, Matt, for your help. N
From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Matt Caswell
Sent: Tuesday, March 17, 2015 4:03 AM
To: openssl-users at openssl.org
Subject: Re: [openssl-users] SSL_ERROR_WANT_READ but nothing to read
On 17/03/15 00:51, Narada Hess wrote:
> I have a client application using a single read-write socket in
> non-blocking mode. In C, on Linux, using openssl 1.0.1e. After the
> connection is established and all the initial handshaking is done, the
> client issues SSL_read(), then enters a loop of:
> - Interpret results (such as break upon socket close)
> - select() on the socket
> - SSL_read() again
> . . . until the expected number of bytes have been read.
> The first SSL_read() returns SSL_ERROR_WANT_READ and loops to attempt
> to retry the operation. But select() indicates that the socket is not
> readable, so we block forever and the server times out (the server had
> written a record which the client never reads).
> I experimented by skipping the select() and just sleeping a little,
> but in that case, infinite retries of SSL_read() did not help.
> Another experiment was to try writing some arbitrary data. That
> _/DID/_ seem to help and moved the protocol forwards a bit. But I
> shouldn't have to do that - we have nothing to write until we have received the full read record.
> In case it matters, the server on the other end is an OpenDaylight
> controller. Its logs indicate successful handshake, appropriate
> cipher suite, etc. And my test client-server application using this
> logic works just fine. Also, no SSL_writes() are happening during
> this, or any other operation that would change the SSL* object state, AFAIK.
> I've tried Wireshark on this, but I have not been able to glean too
> much from it, as everything is encrypted and also it seems to be
> showing transport sized packets of 15xx bytes instead of application
> sized records - could that be pointing at the problem? I did not set
> the read_ahead option.
> Any ideas? I have spent hours reading the SSL documentation (such as
> SSL_get_error) and many, many posts and answers, plus several SSL
> books. It seems that I am doing the right thing here. So why is
> select() blocking? There is no outstanding write operation, so
> shouldn't a retry of SSL_read() clear any handshake/renegotiation stuff?
Are you sure the record that the server wrote actually got sent across the network?
Have you tried connecting to the server using s_client? Does that succeed?
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
More information about the openssl-users