[openssl-users] Graceful shutdown of TLS connection for blocking sockets

mahesh gs mahesh116 at gmail.com
Thu Oct 5 09:57:46 UTC 2017


Hi All,

I have a query regarding SSL_read on a blocking socket. How do we come out of
a blocking SSL_read when we have to close the connection?

As per the documentation SSL_read will only return if there is any data or
an error occurred.

 "If the underlying BIO is *blocking*, SSL_read() will only return, *once
the read operation has been finished or an error occurred,* except when a
renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur"

I am trying the following methods:

*method 1:*

1) Thread - 1 blocks in SSL_read.
2) Thread - 2 receives an indication to stop the connection from the
application. It calls SSL_shutdown() to unblock the SSL_read in thread - 1.
But this is dangerous, as calling SSL_shutdown and SSL_read from different
threads on the same context can lead to undefined behaviour.

*method 2:*

1) Thread - 1 blocks in SSL_read.
2) Thread - 2 receives an indication to stop the connection from the
application. It shuts down the underlying TCP socket using the system command
(shutdown(socket_id, SHUT_WR)), which causes the SSL_read to unblock.
3) Thread - 1 unwinds and closes the TCP socket (using close(socket_id)).
Thread - 1 cannot call SSL_shutdown since the TCP socket is shut down by
thread - 2 for write operations. As per my understanding this violates the
TLS standard because the close notify handshake is not sent out.

How can we ensure that we come out of the blocking SSL_read and initiate
SSL_shutdown from the same thread?

Thanks,
Mahesh G S
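
One way to get both the wakeup and SSL_shutdown onto the same thread, as an added example that is not part of the original post: thread 1 waits in poll() on the socket and on a wakeup pipe, and enters SSL_read only when there is data. The names wait_data_or_stop, request_stop and reader_loop and the USE_OPENSSL build macro are assumptions of this example.

```c
/* Added example, not code from the post. Thread 1 owns the SSL object; thread 2
 * only writes one byte to a wakeup pipe (stop_fd is the pipe's read end). */
#include <errno.h>
#include <poll.h>
#include <unistd.h>
enum wake { WAKE_DATA, WAKE_STOP, WAKE_ERROR };

/* Block until the TLS socket has an event or a stop was requested.
 * Stop wins when both are ready, so shutdown is never delayed by traffic. */
enum wake wait_data_or_stop(int sock_fd, int stop_fd)
{
    struct pollfd fds[2] = {
        { .fd = sock_fd, .events = POLLIN },
        { .fd = stop_fd, .events = POLLIN },
    };
    for (;;) {
        if (poll(fds, 2, -1) < 0) {
            if (errno == EINTR) continue;   /* interrupted by a signal: retry */
            return WAKE_ERROR;
        }
        if (fds[1].revents) return WAKE_STOP;
        if (fds[0].revents) return WAKE_DATA;  /* data, EOF or socket error */
    }
}

/* Called by thread 2 (hypothetical name): request a stop without touching SSL. */
int request_stop(int stop_write_fd)
{
    return write(stop_write_fd, "x", 1) == 1 ? 0 : -1;
}

#ifdef USE_OPENSSL   /* build with -DUSE_OPENSSL -lssl -lcrypto */
#include <openssl/ssl.h>
/* Thread 1: read until stopped, then send close_notify from this same thread. */
void reader_loop(SSL *ssl, int sock_fd, int stop_fd)
{
    char buf[4096];
    for (;;) {
        /* Data already buffered inside OpenSSL will not wake poll(). */
        if (SSL_pending(ssl) == 0 &&
            wait_data_or_stop(sock_fd, stop_fd) != WAKE_DATA)
            break;
        if (SSL_read(ssl, buf, sizeof buf) <= 0)
            return;                /* peer closed or error: see SSL_get_error() */
    }
    if (SSL_shutdown(ssl) == 0)    /* our close_notify sent, peer's not yet seen */
        SSL_shutdown(ssl);         /* second call waits for the peer's close_notify */
}
#endif
```

SSL_read on a blocking socket can still wait if only part of a TLS record has arrived when poll() reports the socket readable; a non-blocking socket removes that window.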