Sure.

1.  The server receives the HTTP request, using SSL_read() and
SSL_pending().  The request contains a Keep-Alive request.
2.  The server writes the data out to another process.
3.  The server then sits on an event handler that multiplexes a
select() (or Windows equivalent) on sockets it has an interest in, and
other events such as receiving data from other processes.  At this time
it actually has no interest in any events at the socket, as it is
waiting for the processing to complete.
4.  The SSL client loses patience with a lack of response, and does an
SSL shutdown and socket close.
5.  An event is detected, and the server receives the result from the
background processing.
6.  It adds write interest to the socket and goes back to sitting on the
event handler.
7.  An event is detected and the server then performs an SSL_write() to
the (non-existent) client, which is successful.
8.  It then adds read interest in the socket, as it is a Keep-Alive
socket, so it is waiting for the next HTTP request.  It goes back to
sitting on the event handler.
9.  An event is detected and the server then performs:

9a. SSL_read() which fails (return code is -1).
9b. SSL_get_error() which returns SSL_ERROR_SYSCALL.
9c. ERR_get_error() which returns 0.

In the original code SSL_get_shutdown() would not be called unless
SSL_get_error() returns SSL_ERROR_ZERO_RETURN, but I added an extra
debug call after the call to SSL_get_error(), and it did not show
SSL_RECEIVED_SHUTDOWN.

And I have now added a call to WSAGetLastError() after the call to
ERR_get_error(), and it returns WSAECONNABORTED.

So I do get a read event on the socket.  I do call SSL_read.  It fails.
But the shutdown is apparently not received, as:

a.  SSL_get_error() does not return SSL_ERROR_ZERO_RETURN
b.  SSL_get_shutdown() does not show SSL_RECEIVED_SHUTDOWN

I hope that's clear.

As I say, the code works fine on Linux.

G.


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darryl Miles
Sent: 16 August 2007 17:44
To: openssl-users@openssl.org
Subject: Re: Problem handling unexpected SSL shutdown

Shaw Graham George wrote:
> The problem is that, on Windows at least, my server doesn't appear to
> get the "SSL shutdown notify" packet, for some reason.  So, if that is
> to be expected, I'm looking for an alternative way of detecting the
> closure.
> 
> I've now tested it on Linux, and the existing code works fine.  In 
> other words, when trying the SSL_Get:
SSL_read() ?
> 
> 1.  It fails
> 2.  SSL_get_error() returns SSL_ERROR_ZERO_RETURN
> 3.  (SSL_get_shutdown() & SSL_RECEIVED_SHUTDOWN) is true
> 
> On Windows this is not the case.
> 
> But I guess if this problem is restricted to Windows, then I can:
> 
> 1.  Add the call to WSAGetLastError() just for that platform
> 2.  Use it to detect the socket closure and ...
> 3.  Softly close the server socket that way
> 
> Unless somebody has any better ideas ...


Can you log the OpenSSL API calls you make and the return values you
see?  When seeing any errors from OpenSSL don't forget the idioms:

    int err = SSL_get_error(client->ssl, n);
    int wsa_errno = WSAGetLastError();

and log the values you see.  Please also include the OpenSSL API calls
made just before the other end disappears.


This would clear up in my mind what you are observing :

  * You don't get the read-ready wakeup event from Win32 API ?  So you 
never get a chance to call SSL_read().

  * You don't see an error from SSL_read() ?  But what did it return 
instead ?

  * You never see '(SSL_get_shutdown() & SSL_RECEIVED_SHUTDOWN) is true'
condition, even though you have written your own client and can confirm
it does/will send a "SSL shutdown notify" packet, will ensure the data
is flushed to the socket and will keep the socket open waiting to
receive a "SSL shutdown notify" packet from the other end ?


If you get the read-ready wakeup event from Win32 API, then your code 
will end up calling SSL_read() and that call should attempt to process 
another packet and pull data from the socket as necessary until no more 
progress can be made at this time.  This will implicitly process the 
"SSL shutdown notify" packet.


Darryl
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
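
The failure reported in step 9 above (SSL_read() returning -1, SSL_ERROR_SYSCALL, an empty error queue and WSAECONNABORTED) can be separated from a clean close_notify shutdown in one place. The following C code is an added example, not code from either poster or from OpenSSL: classify_read_failure(), read_outcome and the SYS_* macros are hypothetical names, and the SSL_ERROR_* values are copied from <openssl/ssl.h> so the block compiles without the headers.

```c
#include <errno.h>
#include <stdio.h>
#ifdef _WIN32
#include <winsock2.h>
#define SYS_ABORTED WSAECONNABORTED
#define SYS_RESET   WSAECONNRESET
#else
#define SYS_ABORTED ECONNABORTED
#define SYS_RESET   ECONNRESET
#endif

/* Same values as <openssl/ssl.h>; skipped when the real header is included first. */
#ifndef SSL_ERROR_SYSCALL
#define SSL_ERROR_WANT_READ   2
#define SSL_ERROR_WANT_WRITE  3
#define SSL_ERROR_SYSCALL     5
#define SSL_ERROR_ZERO_RETURN 6
#endif

typedef enum { RD_RETRY, RD_CLEAN_CLOSE, RD_ABRUPT_CLOSE, RD_FATAL } read_outcome;

/* Caller, after n = SSL_read(...) returned <= 0, passes:
 *   ssl_err   = SSL_get_error(ssl, n)
 *   queue_err = ERR_get_error()
 *   sys_err   = WSAGetLastError() on Windows, errno elsewhere */
read_outcome classify_read_failure(int n, int ssl_err,
                                   unsigned long queue_err, int sys_err)
{
    if (ssl_err == SSL_ERROR_WANT_READ || ssl_err == SSL_ERROR_WANT_WRITE)
        return RD_RETRY;                 /* non-blocking socket: wait for the event */
    if (ssl_err == SSL_ERROR_ZERO_RETURN)
        return RD_CLEAN_CLOSE;           /* peer's close_notify was processed */
    if (ssl_err == SSL_ERROR_SYSCALL && queue_err == 0) {
        if (n == 0)
            return RD_ABRUPT_CLOSE;      /* EOF with no close_notify */
        if (sys_err == SYS_ABORTED || sys_err == SYS_RESET)
            return RD_ABRUPT_CLOSE;      /* connection torn down underneath TLS */
    }
    return RD_FATAL;                     /* protocol or other I/O error: log it */
}

int main(void)
{
    /* Constructed input: the values reported in step 9 of the thread. */
    read_outcome o = classify_read_failure(-1, SSL_ERROR_SYSCALL, 0UL, SYS_ABORTED);
    printf("%s\n", o == RD_ABRUPT_CLOSE ? "abrupt close" : "other");
    return 0;
}
```

On an idle Keep-Alive connection an abrupt close can simply be torn down; the same outcome in the middle of a message means the data may have been truncated.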