SSL_shutdown returns 0 (retry) after EPIPE sys error.

Tue, 29 Mar 2005 11:17:06 -0800 




stunnel implements openssl, and there is a case where it loops hard on
retrying SSSL_shutdown.
Basically I am wondering if this is a known (fixed?) problem.

On Solaris, truss shows this:

18416:  lwp_sigredirect(0, SIGPIPE, 0x00000000)         = 0
18416:  write(13, "150301\018 3F1DBCCCBCAE3".., 29)     Err#32 EPIPE
18416:  poll(0xFEE219D0, 2, 43200000)                   = 1
18416:  write(13, "150301\018 3F1DBCCCBCAE3".., 29)     Err#32 EPIPE
18416:  poll(0xFEE219D0, 2, 43200000)                   = 1
18416:  write(13, "150301\018 3F1DBCCCBCAE3".., 29)     Err#32 EPIPE

And pfiles shows that FD 13 is a disconnected socket:

13: S_IFSOCK mode:0666 dev:290,0 ino:46258 uid:0 gid:0 size:0
      O_RDWR|O_NONBLOCK FD_CLOEXEC
        sockname: AF_INET 0.0.0.0  port: 0

The stunnel log shows entry after entry like this:

2005.03.25 17:31:40 LOG7[3208:6]: SSL_shutdown retrying
2005.03.25 17:31:40 LOG7[3208:6]: SSL_shutdown retrying
2005.03.25 17:31:40 LOG7[3208:6]: SSL_shutdown retrying
2005.03.25 17:31:40 LOG7[3208:6]: SSL_shutdown retrying
2005.03.25 17:31:40 LOG7[3208:6]: SSL_shutdown retrying
2005.03.25 17:31:40 LOG7[3208:6]: SSL_shutdown retrying
2005.03.25 17:31:40 LOG7[3208:6]: SSL_shutdown retrying

The stunnel source implies that it will retry the shutdown when
SSL_shutdown returns 0.
Stunnel does not check for system errors when SSL_shutdown returns 0 (
maybe it should?).
Instead it assumes SSL_shutdown returns -1, if there is a system error, and
then it checks
errors. This seems reasonable to me.
--
"NOTICE:  The information contained in this electronic mail transmission is
intended by Convergys Corporation for the use of the named individual or
entity to which it is directed and may contain information that is
privileged or otherwise confidential.  If you have received this electronic
mail transmission in error, please delete it from your system without
copying or forwarding it, and notify the sender of the error by reply email
or by telephone (collect), so that the sender's address records can be
corrected."

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]






















					Reply via email to