I have strange behaviour in my multithreaded SSL server. I've tried to localize
my error and understood that the client can connect to the server only 1022 times;
after that a connection cannot be established. Now I have switched off all my
client-server data communication. The client only connects to the server and
disconnects after that.

My server suspends at the beginning of the 1023rd iteration on this line:

    if( BIO_do_accept( m_acceptConnector ) <= 0 )
        throw openSSLException("Error in accepting connection");

My server does not throw the openSSLException exception, and on the other hand
the program does not go on to the next piece of code (I've logged messages).

Ways I've tried to solve the problem:
1) I looked through the memory usage of client and server and it seems all OK.
Neither server nor client shows memory growth during the connections.
2) I supposed my multithread implementation was incorrect:

    myServer sv( serverPort, certificateFile, certificateKey );

    while( 1 )
    {
        pthread_t pThread;
        pthread_attr_t attrib;
        int threadID;

        if( !pthread_attr_init(&attrib) )
            pthread_attr_setdetachstate( &attrib, PTHREAD_CREATE_DETACHED );
        else
            throw cppException("can't initialize pthread attributes");

        /// Creating thread
        if( (threadID = pthread_create( &pThread, &attrib,
                                        myServer::processClient, (void*)&sv )) != 0 )
            throw cppException( strerror(threadID) );

        /// releasing thread attributes
        pthread_attr_destroy( &attrib );

        /// exceptions processing...
        ...
    }

But when I switched OpenSSL off altogether, multithreading works fine (no
suspending at step 1022).

3) I looked at iptables on the Linux machine where I have my server.
There is no rule which restricts the connection count through the port I use.

4) I tried to run my server and client programs on different Linux
machines. The behaviour is the same: the server stops accepting connections
from the client after 1022 iterations.


My client implementation is as follows (connection part):
I have a class sslClient with three variables in the protected part:

    SSL *m_ssl;  SSL_CTX *m_ctx;  BIO *m_connector;

    sslClient::sslClient( const string& caFile )
    {
        /// Initialization
        SSL_load_error_strings();
        SSL_library_init();
        ERR_load_BIO_strings();
        OpenSSL_add_all_algorithms();

        /// setting up SSL context pointer
        m_ctx = SSL_CTX_new( SSLv23_client_method() );

        /// loading trust certificate
        if( !SSL_CTX_load_verify_locations( m_ctx, caFile.c_str(), NULL ) )
            throw openSSLException( "unable to load trust store:" );
    }

    int sslClient::connect( const string& host, const string& port )
    {
        /// opening a secure connection
        /// setting up BIO object
        m_connector = BIO_new_ssl_connect( m_ctx );
        BIO_get_ssl( m_connector, &m_ssl );
        SSL_set_mode( m_ssl, SSL_MODE_AUTO_RETRY );

        /// attempt to connect
        BIO_set_conn_hostname( m_connector, (host + ":" + port).c_str() );

        /// verify the connection is open and perform the handshake
        if( BIO_do_connect( m_connector ) <= 0 )
            return -1;

        /// checking whether the certificate is valid
        if( SSL_get_verify_result( m_ssl ) != X509_V_OK )
            return 0;

        return 1;
    }

    void sslClient::disconnect()
    {
        BIO_free_all( m_connector );
    }


My server code is as follows. I have an sslServer class and some important
variables here:

    BIO *m_baseConnector;
    BIO *m_acceptConnector;
    BIO *m_talkConnector;
    SSL_CTX *m_ctx;
    SSL *m_ssl;

    sslServer::sslServer( const string& port, const string& serverCert,
                          const string& privKey, const string& passwd )
    {
        /// important lines:

        SSL_load_error_strings();
        SSL_library_init();
        ERR_load_BIO_strings();
        OpenSSL_add_all_algorithms();

        m_ctx = SSL_CTX_new( SSLv23_server_method() );
        if( m_ctx == NULL )
            throw openSSLException( "unable to create SSL context:" );

        /// setting the password callback function; not important here, all works OK
        int (*callback)(char *, int, int, void *) = &sslServer::password_callback;
        SSL_CTX_set_default_passwd_cb( m_ctx, callback );

        /// loading certificate
        if( SSL_CTX_use_certificate_file( m_ctx, serverCert.c_str(), SSL_FILETYPE_PEM ) != 1 )
            throw openSSLException("error while trying to use certificate");

        /// loading private key
        if( SSL_CTX_use_PrivateKey_file( m_ctx, privKey.c_str(), SSL_FILETYPE_PEM ) != 1 )
            throw openSSLException("error while trying to load private key");

        /// creating the base BIO object
        m_baseConnector = BIO_new_ssl( m_ctx, 0 );

        if( m_baseConnector == NULL )
            throw openSSLException("error while creating the base Connector");

        /// setup SSL connection structure object
        BIO_get_ssl( m_baseConnector, &m_ssl );
        SSL_set_mode( m_ssl, SSL_MODE_AUTO_RETRY );

        /// Setting up accept BIO object
        m_acceptConnector = BIO_new_accept( (char*) port.c_str() );
        BIO_set_accept_bios( m_acceptConnector, m_baseConnector );

        /// Setting m_acceptConnector for accepting incoming connections
        if( BIO_do_accept( m_acceptConnector ) <= 0 )
            throw openSSLException("error while setting connector for accepting incoming connections");
    }

The next function is called on each server iteration:

    void sslServer::isConnection()
    {
        if( BIO_do_accept( m_acceptConnector ) <= 0 )
            throw openSSLException("Error in accepting connection");

        log("acceptConnector without error");

        /// getting talk connector
        m_talkConnector = BIO_pop( m_acceptConnector );

        if( BIO_do_handshake( m_talkConnector ) <= 0 )
        {
            log("bad handshake...");
            return;
        }

        log("new connection");
    }


So why does this simple client-server SSL code accept only 1022 connections
from the client side, and after that the server suspends on BIO_do_accept? As I
said, all memory usage was OK (CPU average usage 0.3%, memory usage 0.4%).

I use OpenSSL 0.9.8f; Linux is FC4.
I run client and server on the same machine (to localize this bug).

What is the direction I must search in to solve my problem? Thanks.
    

-- 
View this message in context: 
http://www.nabble.com/Help-pls%21-What-going-on-after-1022-connects-from-client--tf4858051.html#a13901914
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
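Editor's note with an added example; the code below is not part of the original post and does not use OpenSSL. One check worth making on the server side before looking further at threading or iptables: the connection BIO returned by BIO_pop(m_acceptConnector) in isConnection() is never handed to BIO_free_all, and the accepted socket descriptor stays allocated until that happens, so every process has a hard ceiling on how many such connections it can hold open (the soft RLIMIT_NOFILE, shown by `ulimit -n`). The program below reproduces that failure mode with plain POSIX descriptors standing in for the per-connection BIO: it counts the descriptors the process already holds, then runs an "accept loop" under a temporarily lowered limit, once keeping each descriptor and once releasing it, so the iteration at which the leaking loop fails with EMFILE (soft limit minus descriptors already open) can be compared against a figure like 1022. The names count_open_fds and simulate_accept_loop are the example's own.

```c
/* Added example, not part of the original post and not OpenSSL code:
 * reproduces the "accept works N times, then stops" pattern with plain
 * POSIX descriptors standing in for the per-connection BIO. POSIX only. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <unistd.h>

/* Count the descriptors this process currently holds by probing each
 * slot below the soft limit with fcntl(F_GETFD); EBADF means "free".
 * The scan is capped at 65536 slots in case the limit is unlimited. */
static int count_open_fds(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
        return -1;
    long slots = rl.rlim_cur > 65536 ? 65536 : (long)rl.rlim_cur;
    int open_fds = 0;
    for (int fd = 0; fd < slots; fd++) {
        if (fcntl(fd, F_GETFD) != -1 || errno != EBADF)
            open_fds++;
    }
    return open_fds;
}

/* Run up to max_iter "accepted connections". Each one costs a descriptor
 * (open("/dev/null") stands in for the accepted socket). With
 * release_each == 0 the descriptor is kept, which is what happens when the
 * BIO from BIO_pop() is never passed to BIO_free_all(); with
 * release_each != 0 it is closed once the connection has been handled.
 * The soft RLIMIT_NOFILE is lowered to soft_limit for the duration so the
 * failure shows up after a few dozen iterations instead of ~1000.
 * Returns the number of iterations that succeeded before open() failed
 * with EMFILE (max_iter if none failed), or -1 on a setup error. */
static int simulate_accept_loop(int soft_limit, int max_iter, int release_each)
{
    struct rlimit saved, lowered;
    if (getrlimit(RLIMIT_NOFILE, &saved) != 0)
        return -1;
    lowered = saved;
    lowered.rlim_cur = (rlim_t)soft_limit;
    if (lowered.rlim_cur > saved.rlim_max ||
        setrlimit(RLIMIT_NOFILE, &lowered) != 0)
        return -1;

    int *held = calloc((size_t)max_iter, sizeof *held);
    if (held == NULL) {
        setrlimit(RLIMIT_NOFILE, &saved);
        return -1;
    }
    int held_n = 0, succeeded = 0;
    for (int i = 0; i < max_iter; i++) {
        int fd = open("/dev/null", O_RDONLY);
        if (fd < 0) {
            if (errno != EMFILE)  /* anything but "table full" is unexpected */
                succeeded = -1;
            break;
        }
        succeeded++;
        if (release_each)
            close(fd);            /* the release the server loop never does */
        else
            held[held_n++] = fd;  /* leak: the descriptor stays allocated */
    }
    for (int i = 0; i < held_n; i++)
        close(held[i]);
    free(held);
    setrlimit(RLIMIT_NOFILE, &saved);
    return succeeded;
}

int main(void)
{
    struct rlimit rl;
    getrlimit(RLIMIT_NOFILE, &rl);
    int before = count_open_fds();
    printf("soft limit (ulimit -n): %ld, descriptors already open: %d\n",
           (long)rl.rlim_cur, before);
    printf("a leaking loop would stop after about %ld connections\n",
           (long)rl.rlim_cur - before);
    printf("leaking loop under a soft limit of 128: %d iterations\n",
           simulate_accept_loop(128, 1000, 0));
    printf("releasing loop under a soft limit of 128: %d iterations\n",
           simulate_accept_loop(128, 1000, 1));
    return 0;
}
```

Run it next to the server and compare the first printed estimate with the iteration at which the real server stops; a match points at descriptor exhaustion rather than at the thread or firewall configuration. In OpenSSL terms the releasing variant corresponds to calling BIO_free_all on the popped connection BIO once the client has disconnected, which also returns the SSL object that BIO_new_ssl created for that connection.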
