[openssl-users] SSL_Write() returns error SSL_ERROR_SYSCALL with errno 11, and it wants caller to try again

Camiel C. Coppelmans k1000.c at gmail.com
Tue Nov 1 15:29:11 UTC 2016


I did encounter a situation which I think could be better handled by
openssl lib. In my system, when working under heavy load, sometimes while
calling SSL_Write, it will return SSL_ERROR_SYSCALL, which we treated as an
error and aborted the operation.  Next time, when we wanted to send a new
packet, passing a new buffer with a different length to the SSL_Write
function, it returns the error SSL_ERROR_SSL with the following details:

*140701061253440:error:1409F07F:SSL routines:ssl3_write_pending:bad write

Meaning that SSL_Write was actually expecting us to call it again with the
same buffer and length that was used when it returned SSL_ERROR_SYSCALL.

It turns out that when SSL_Write returned SSL_ERROR_SYSCALL, errno value
was set to 11 (EAGAIN or EWOULDBLOCK), so I figured out that, although
openssl didn't explicitly indicate us to try again, the underling socket
did, therefore I started to handle this specific scenario the same way I
would if SSL_Write would have returned SSL_ERROR_WANT_WRITE, and it worked.

My question is: Is it ok to trust the errno in this scenario? Can I handle
it that way I handled?

And two: If Openssl is expecting us to retry the SSL_Write call, it should
have returned SSL_ERROR_WANT_WRITE, like it does for all other scenarios.
So, maybe it is something to be improved for a future release.

This issue happened in the following versions: 0.9.8zb and 1.0.2e

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20161101/f7c16999/attachment.html>

More information about the openssl-users mailing list