On Thu, Sep 05, 2002 at 10:57:59PM +0200, Pierre Chifflier wrote:
> SSL_ERROR_WANT_READ, I must iterate on SSL_accept. I've done the following:
>
> 8<--------------------------------
>   SSL_set_accept_state(ssl);
>   fd = SSL_get_fd(ssl);
>   fcntl(fd,F_SETFL,(fcntl(fd,F_GETFL)|O_NONBLOCK));
>   do {
>     out_err(LEVEL_CRITICAL,"Before SSL_accept\n");
>     status = SSL_accept(ssl);
>     sslerr = SSL_get_error(ssl,status);
>
>     if (status==1) {
>       out_err(LEVEL_INFO,"Data connection successfully switched to ssl mode\n");
>       context->ssl.data_mode = TLS_PRIV;
>       return 0;
>     } else {
>       FD_ZERO(&fd_r);
>       FD_ZERO(&fd_w);
>       tv.tv_usec = 0;
>       tv.tv_sec = 5;
>       switch (sslerr) {
>       case SSL_ERROR_WANT_READ:
>         FD_SET(fd,&fd_r);
>         fprintf(stderr,"SSL_ERROR_WANT_READ\n");
>         break;
>       case SSL_ERROR_WANT_WRITE:
>         FD_SET(fd,&fd_w);
>         fprintf(stderr,"SSL_ERROR_WANT_WRITE\n");
>         break;
>       default:
>         out_log(LEVEL_CRITICAL,"tls_auth_data_cont: error accepting: %s\n",
>                 (char*)ERR_error_string(sslerr,NULL));
>         return 1;
>       }
>       r = select(fd+1, &fd_r, &fd_w, NULL, &tv);
>     }
>   } while (status == -1 && r != 0);
>
>   if (r == 0) {
>     out_err(LEVEL_CRITICAL,"tls_auth_data_cont failed\n");
>     return -1;
>   }
> --------------------------------
>
> The problem is that it never passes the SSL_accept - the output is:
>
> Before SSL_accept
> SSL_ERROR_WANT_READ
> tls_auth_data_cont failed

I don't see the problem at first glance. The "while" loop is being left,
which indicates that status!=-1 or r==0. The case status==0 should be
covered by the "default:" case, as it should not result in WANT_READ or
WANT_WRITE, so it should not matter, but you might consider explicitly
thinking about this case.
So you should be facing r==0, shouldn't you, meaning that there is a timeout
condition and no data is to be read from "fd".

> New TCP connection #1: pollux.draw(33044) <-> localhost(2501)
> 1    5.0071 (5.0071)  S>C  TCP FIN
> 1 1  5.0092 (0.0021)  C>SV3.0(83)  Handshake
>       ClientHello
>         Version 3.0
>         random[32]=
>           3d 77 c2 f5 38 86 6c bd 7b 40 73 75 ad 3a 19 2c
>           de 76 25 64 88 a1 93 5e b8 3d aa ac fe 88 d1 61
>         cipher suites
>         SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
>         ...
>         SSL_RSA_EXPORT_WITH_RC4_40_MD5
>         compression methods
>                   NULL

So it seems that the client sends at least some data.

Please check out the examples in apps/s_cb.c. You can use the callbacks
to have a look into the I/O operations performed and see at which point
the failure occurs. It finally may be something simple like listening on the
wrong socket :-)

Best regards,
	Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
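
Added example, not part of the original thread and not OpenSSL code: the wait loop discussed above, written so that timeout, handshake failure and select() failure each return a different code (0, 1 and -1 mirror the quoted code). The handshake step is a hypothetical callback so the block runs without linking OpenSSL; `hs_drive`, `hs_step_fn`, `demo_step`, `hs_demo` and the `HS_*` names are all assumptions, and the socketpair input is constructed.

```c
#include <errno.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>
/* Hypothetical step results. With OpenSSL: SSL_accept() == 1 -> HS_DONE;
 * SSL_ERROR_WANT_READ/WRITE -> HS_WANT_*; anything else -> HS_FAIL. */
enum hs_step { HS_DONE, HS_WANT_READ, HS_WANT_WRITE, HS_FAIL };
/* Distinct outcomes, so a timeout is never mistaken for a handshake error. */
enum hs_result { HS_OK = 0, HS_ERROR = 1, HS_TIMEOUT = -1, HS_SELECT_ERR = -2 };
typedef enum hs_step (*hs_step_fn)(int fd, void *arg);

/* Drive a non-blocking handshake on fd, waiting up to ms milliseconds per step. */
enum hs_result hs_drive(int fd, hs_step_fn step, void *arg, int ms) {
    for (;;) {
        enum hs_step s = step(fd, arg);
        if (s == HS_DONE) return HS_OK;
        if (s == HS_FAIL) return HS_ERROR;
        fd_set rfds, wfds;
        int r;
        do { /* rebuild sets and timeout each pass: select() may modify them */
            struct timeval tv = { .tv_sec = ms / 1000, .tv_usec = (ms % 1000) * 1000 };
            FD_ZERO(&rfds); FD_ZERO(&wfds);
            if (s == HS_WANT_READ) FD_SET(fd, &rfds); else FD_SET(fd, &wfds);
            r = select(fd + 1, &rfds, &wfds, NULL, &tv);
        } while (r < 0 && errno == EINTR);
        if (r == 0) return HS_TIMEOUT;   /* nothing became ready on this fd */
        if (r < 0) return HS_SELECT_ERR;
    }
}

/* Constructed stand-in for a handshake: completes once one byte is readable. */
static enum hs_step demo_step(int fd, void *arg) {
    char c;
    ssize_t n = recv(fd, &c, 1, MSG_DONTWAIT);
    if (n == 1) return HS_DONE;
    if (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) return HS_WANT_READ;
    return HS_FAIL; /* EOF or hard error */
}

/* Constructed demo on a socketpair: mode 0 = silent peer, 1 = sends, 2 = EOF. */
int hs_demo(int mode) {
    int sv[2], res;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -99;
    if (mode == 1) send(sv[1], "x", 1, 0);
    if (mode == 2) shutdown(sv[1], SHUT_WR);
    res = hs_drive(sv[0], demo_step, NULL, 200);
    close(sv[0]); close(sv[1]);
    return res;
}
```

A silent peer yields HS_TIMEOUT on the descriptor being watched, which is the r==0 exit described in the reply.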