[openssl-users] Graceful shutdown of TLS connection for blocking sockets

Kyle Hamilton aerowolf at gmail.com
Sun Oct 8 11:17:38 UTC 2017


The way to handle this situation is simply to never enter SSL_read() if
there isn't anything to read on the socket.  select() or pselect() are your
friends, here, because they'll tell you if there's data to read from the
underlying file descriptor.

I hope this helps!

-Kyle H

On Oct 5, 2017 02:58, "mahesh gs" <mahesh116 at gmail.com> wrote:

> Hi All,
>
> I have a query regarding SSL_read on a blocking socket. How to come out of
> a blocking SSL_read when we have to close the connection?
>
> As per the documentation SSL_read will only return if there is any data or
> an error occurred.
>
>  "If the underlying BIO is *blocking*, SSL_read() will only return, *once
> the read operation has been finished or an error occurred,* except when a
> renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur"
>
> I am trying the following methods:
>
> *method 1:*
>
> 1) Thread - 1 blocks in SSL_read
> 2) Thread - 2 receives an indication to stop the connection from the application.
> Call SSL_shutdown() to unblock the SSL_read in thread - 1. But this is
> dangerous, as calling SSL_shutdown and SSL_read from different threads on
> the same context can lead to undefined behaviour.
>
> *method 2:*
>
> 1) Thread - 1 blocks in SSL_read
> 2) Thread - 2 receives an indication to stop the connection from the application.
> Shut down the underlying TCP socket using the system call (shutdown
> (socket_id, SHUT_WR)), which causes the SSL_read to unblock.
> 3) Thread - 1 unwinds and closes the TCP socket (using close(socket_id)).
> Thread - 1 cannot call SSL_shutdown since the TCP socket is shut down by
> thread - 2 for write operations. As per my understanding this violates the
> TLS standard because of not sending out the close notify handshake.
>
> How to ensure to come out of blocking SSL_read and initiate SSL_shutdown
> from same thread?
>
> Thanks,
> Mahesh G S
>
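The select()-based approach from the reply, as an added example that is not part of the original thread or of OpenSSL: the thread that owns the SSL object waits on the socket and on a stop pipe, so SSL_read() and SSL_shutdown() are both called from that one thread. The pipe, the function names and the `buffered` parameter (the caller passes `SSL_pending(ssl)`) are assumptions; note that a readable socket may hold only part of a TLS record, so SSL_read() on a blocking socket can still wait for the rest.

```c
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Outcome of one wait by the thread that owns the SSL object. */
enum wait_result { WAIT_ERROR = -1, WAIT_TIMEOUT = 0, WAIT_DATA = 1, WAIT_STOP = 2 };

/* Called by the controlling thread: it never touches the SSL object. */
int request_stop(int stop_wr_fd)
{
    return write(stop_wr_fd, "q", 1) == 1 ? 0 : -1;
}

/*
 * sock_fd:  socket underneath the SSL object
 * stop_fd:  read end of the pipe written by request_stop()
 * buffered: SSL_pending(ssl); bytes OpenSSL has already decrypted are
 *           invisible to select(), so they must short-circuit the wait
 */
enum wait_result wait_for_data_or_stop(int sock_fd, int stop_fd, int buffered,
                                       int timeout_ms)
{
    fd_set rfds;
    struct timeval tv;
    int maxfd = sock_fd > stop_fd ? sock_fd : stop_fd;

    tv.tv_sec = timeout_ms / 1000;
    tv.tv_usec = (timeout_ms % 1000) * 1000;
    if (buffered > 0)
        tv.tv_sec = tv.tv_usec = 0;   /* poll only, but still see a stop request */
    FD_ZERO(&rfds);
    FD_SET(stop_fd, &rfds);
    FD_SET(sock_fd, &rfds);

    if (select(maxfd + 1, &rfds, NULL, NULL, &tv) < 0)
        return WAIT_ERROR;
    if (FD_ISSET(stop_fd, &rfds))
        return WAIT_STOP;             /* stop request wins over pending data */
    if (buffered > 0 || FD_ISSET(sock_fd, &rfds))
        return WAIT_DATA;
    return WAIT_TIMEOUT;
}

/* Owning-thread loop (OpenSSL calls as comments so this builds without libssl):
 *   switch (wait_for_data_or_stop(fd, stop_fd, SSL_pending(ssl), 1000)) {
 *   case WAIT_DATA: n = SSL_read(ssl, buf, sizeof buf);  break;
 *   case WAIT_STOP: SSL_shutdown(ssl); close(fd);        return;
 *   default:        break;   // timeout or error handling
 *   }
 */
```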