RE: Problem in using SSL_accept on vxWorks 5.5 (Pentium)

Fri, 12 Sep 2008 06:02:15 -0700 

> Hi,
> I am trying to use SSL_accept on vxWorks 5.5 (Pentium). But when the SSL
> client sends the initial handshake message (Client Hello),
> then SSL_accept returns failure with error as SSL_ERROR_WANT_READ.
>
> The same code works fine when used on Linux platform and
> handshake completes
> successfully.
>
> On server side, when select returns success, TCP accept is called and
> finally SSL_accept is called.
> the following snippet shows the code flow:
>
> pSslCtx = SSL_CTX_new(TLSv1_method());
>
>
> ...
> SSL_set_accept_state(pSsl);
> dRetVal = SSL_accept(pSsl);
>                    ssl3_accept
>                        ssl3_get_client_hello
>                           ssl3_get_message
>                                 ssl3_read_bytes
>                                      ssl3_get_record
>                                            ssl3_read_n
>                                                   BIO_read
>
>
> The function SSL_accept internally calls ssl3_get_client_hello,
> and finally
> function BIO_read is called to read the Hello message. This
> function returns
> failure while reading.
>
> If I use a debugger and browse the exection step by step then everything
> works fine.
> Also, if I add some delay (by adding sleep(2)) before BIO_read, then also
> everything works fine.
>
> Please suggest what may be the reason for this. Is something missing in
> initilization part ?
> or can I make the call of BIO_read blocking ?

What are you trying to do? Are you attempting a blocking SSL_accept or a
non-blocking one? It sounds like you are correctly doing a non-blocking
SSL_accept, and OpenSSL is correctly informing you that an accept would have
to block because data OpenSSL needs to read has not arrived yet.

This is documented behavior:

       If the underlying BIO is non-blocking, SSL_accept() will also return
       when the underlying BIO could not satisfy the needs of SSL_accept()
to
       continue the handshake, indicating the problem by the return
value -1.
       In this case a call to SSL_get_error() with the return value of
       SSL_accept() will yield SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.
       The calling process then must repeat the call after taking
appropriate
       action to satisfy the needs of SSL_accept().  The action depends on
the
       underlying BIO. When using a non-blocking socket, nothing is to be
       done, but select() can be used to check for the required condition.
       When using a buffering BIO, like a BIO pair, data must be written
into
       or retrieved out of the BIO before being able to continue.

DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to