Hi All,
I am performing an SSL load, soak and stress test on WIN CE. My test
program runs on a WIN CE PDA that has an ARM chip. The PDA talks to an
openssl UNIX server at the other end. The test program on the PDA client
uses non-blocking I/O to connect and disconnect from the SSL server. The
following is steps are performed by the PDA:
1) Set up client SSL context:
client_ctx = SSL_CTX_new(SSLv23_method());
2) perform a NON-SSL socket:
connect (fd, &socketAddr, sizeof(socketAddr));
3) Create a socket BIO with the existing socket fd from the connect()
:
conn = BIO_new(BIO_s_socket());
4) Attach socket descriptor to the BIO:
BIO_set_fd(conn, fd, BIO_CLOSE);
5) Create new SSL object:
ssl = SSL_new(_clientCtx);
6) Specify BIO for SSL object to use:
SSL_set_bio(_ssl, conn, conn);
7) Causes SSL to initiate call to server:
SSL_connect(_ssl)
8) Destroy resources:
SSL_shutdown(ssl);
SSL_free(ssl);
SSL_CTX_free(client_ctx);
These steps are performed for every iteration. On the 512th or 513th
iteration, the SSL_connect() function returns the "SSL_ERROR_SSL" return
code. I/O are dispatched appropriately using WinCE event-driven
dispatcher. Due to the predictability of the error (512,513 iterations),
it is probable that it may be a resource problem.
I am using the very latest version of openssl for WinCE:openssl-0.9.7b
Two questions crop up:
1. Are the steps above missing anything that should be there ?
2. Is there a known bug in WinCE that vaguly resembles this problem.
ANY IDEAS ANYBODY ???
The segment of the source code follows:
=================================================================================
// This is a virtual function to of wsocket that polymorphically
supports
// an SSL connection
WErr SSLinterface::Connect(TSocketAddress& address)
{
BIO *conn;
char *sslError;
char *buf = "dhjsdjdskwlweoweiwjdnddjwjwjwjwej�wejweew";
if ((_clientCtx = SSL_CTX_new(SSLv23_method()) == NULL) {
return kErr_SSL_ERROR_SSL;
}
// Causes all I/O operations to automatically retry all reads and
complete all negotiations before returning.
SSL_CTX_set_mode(_clientCtx, SSL_MODE_AUTO_RETRY);
//Temporary (to be replaced): Need a better way to seed SSL e.g
egads().
RAND_seed(buf, strlen(buf));
//This is a non-SSL socket connect API
int rc = connect (fSocket, &socketAddr, sizeof(socketAddr));
//Create a socket BIO with an existing socket file descriptor that
will
// not be closed when the BIO is destroyed
conn = BIO_new(BIO_s_socket());
BIO_set_fd(conn, fSocket, BIO_CLOSE);
if ((_ssl = SSL_new(_clientCtx)) == NULL) {
return kErr_SSL_ERROR_SSL;
SSL_set_bio(_ssl, conn, conn);
for (;;) {
if ((rc = SSL_connect(_ssl)) > 0)
break;
int err = SSLinterface::SSLGetError(_ssl, rc, sslError);
if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) {
continue;
}
return err;
}
return 0;
} // Connect
SSL_read()/SSL_write()
======================
These functions are called in the usual non-blocking context.
And the destructor:
===================
SSLinterface::~SSLinterface()
{
if (_clientCtx && _ssl) {
SSL_shutdown(_ssl);
}
if (_ssl) {
SSL_free(_ssl);
}
if (_clientCtx) {
SSL_CTX_free(_clientCtx);
}
}begin:vcard
n:Kanagasabai;Bala
x-mozilla-html:FALSE
org:Retriever Communications Pty Ltd
adr:;;;;;;
version:2.1
email;internet:[EMAIL PROTECTED]
title:Principal Software Developer
x-mozilla-cpt:;-7712
fn:Bala Kanagasabai
end:vcard
