>I am wondering if the following scenario possible: >1) The server calls SSL_accept(). The underlying socket is in blocking mode >2) The client calls SSL_connect(). The underlying socket is in blocking >mode >3) SSL_connect() returns error. >4) The server does not notice this, and continues to wait in SSL_accept().
Am not sure what you mean from the 4th point, "server does not notice this". TCP is a connection oriented protocol and if the connect fails on the client, then the server will get a valid error message, but that depends on where the failure has happened. If the failure is at the TCP level say if the client fails to even open a socket (client application) then the server is not even bothered as its listening on port 443 and wont even receive any SYN packets. When "SSL_Accept" is made blocking, it only means that the call to SSL_accept will not return until the SSL handshake is completed and during that point of time, the application will not be able to accept any new tcp requests, provided its all handled as part of the same thread. If ur going to fork and then block, then u dont have any problem (if you dont want to go for non blocking mode). If the SSL handshake fails the appropriate error message will be seen by the server and it will definitely not MISS it..and if there is a tcp level failure after the tcp connection is established .. say u get a RST..then SSL_accept will break and return the error to the calling application. I am unable to think of a scenerio why ur case is possible unless some serious network congestion has developed and pkts were lost..i dont see how..but the experts might able to give u a better idea. Thanks --Gayathri > > If the scenario mentioned above is possible, then the server will be > > blocked in the SSL_accept() (until the underlying tcp connection is > > broken) and hence wont be able to service other clients' connection > > requests > > This is the Toyota Principle, "you asked for it, you got it." If you > don't want to block, don't use blocking sockets. The only mechanism > that can assure that a socket operation will not block is non-blocking sockets. Thanks for responding. I will definitely consider using non blocking sockets here. But what I am more interested in knowing is 'whether' the scenario that I mentioned is possible, and has anyone ever experienced it. ~ Urjit DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Persistent Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd. does not accept any liability for virus infected mails. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ******************************************************************************** This email message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential, proprietary and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please immediately notify the sender by reply email and destroy all copies of the original message. Thank you. Intoto Inc. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
