Cleaning up async jobs

[Arran Cudbard-Bell]

I'm taking a first pass at getting asynchronous certificate validation and
asynchronous stateful session-resumption working in our application.

In callbacks, when we need to perform an asynchronous action, we setup
our own internal state (bound to the SSL *) to detail what action is going
to be performed, then call ASYNC_pause_job().

SSL_read() returns -1, we call SSL_get_error and check for
SSL_ERROR_WANT_ASYNC.

We check our internal state structure to figure out the asynchronous action
we need to perform, perform it, then call SSL_read() again.

This is all fine, it works well.

In our application active requests can be cancelled if they run for too long.
If a request is cancelled after ASYNC_pause_job() has been called but
before SSL_read() has been called (i.e the job is paused) what would be
the correct way to handle this without leaking memory?

I can see SSL_free() calls ASYNC_WAIT_CTX_free, so we shouldn't
leak ASYNC_WAIT_CTXs, but heap allocated memory that's not
associated with the SSL * or any of its associated structures would
theoretically still  be leaked.

The obvious way of handling this is to mark up the request as cancelled,
call SSL_read() and check the request's cancellation state after each call
to  ASYNC_pause_job() inside the callback.

Is there something we can call either before SSL_read() or from within the
callback to encourage OpenSSL to terminate the handshake and not call
any more callbacks?  Is there a better way to handle the cancellations?

Many Thanks,
-Arran


Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210617/f99f33e3/attachment-0001.sig>