I sent this question to the list before and received no reply. I'm sending
it again in the hopes that someone who didn't reply the first time because
they though someone else might know better will now speak up. Thanks in
advance.
I'm having some problems with an application that uses long-running SSL
connections. The symptom is that the connection just breaks for no apparent
reason.
The application uses a bio pairs approach, using OpenSSL just as a data
pump. OpenSSL itself does not touch any sockets. Three bios are used, the
SSLbio is used to pass cleartext to and get cleartext from the SSL
connection. The SSL engine talks to one half of the BIO pair and the
encrypted data is sent to and received from an IObio which is the other half
of the pair.
Everything works fine most of the time. For short-lived HTTPS
connections, there's no problem ever. However, for long-running connections,
eventually the connection breaks. Internally, the problem occurs when reading
from the SSLbio to attempt to get cleartext from the SSL engine. The error is
as follows:
23574:error:20071078:BIO routines:BIO_write:uninitialized:bio_lib.c:196:
So, somehow the SSL bio isn't initialized anymore. But how could that
have happened?
Note that this isn't the usual deadlock problem. There's no evidence of
any deadlocking at all and my code is careful to try all directions to avoid
a deadlock.
If it helps, my application differs from the bio pair code in ssltest.c
in one way that might be significant. My code never use BIO_ctrl_pending or
BIO_ctrl_get_write_gurantee. It just tries to write or read and takes what
it gets or doesn't get. If the return value is <0, it calls BIO_should_retry
to see if it's a hard error or a soft error. (Is this okay? If not, is there
some other test I should do?)
I've tested most extensively on Linux with OpenSSL-0.9.6g, however we've
seen the same symptoms (long-lived connections mysteriously breaking) on
other platforms with other versions (but have not confirmed that the same
underlying process is responsible).
Any hints, suggestions, or relevant known bugs?
DS
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
