RE: Problem in using SSL_accept on vxWorks 5.5 (Pentium)

vne Fri, 12 Sep 2008 07:23:54 -0700

[Corrected]
Hi ,
I replaced the call to SSL_accept to this one and it worked !!! Thanks for
your help.


int i =0;
while(1 == i) 
            {
                dRetVal = SSL_accept(pSsl);
                if(!(SSL_ERROR_WANT_READ == SSL_get_error(pSsl,dRetVal)))
                    i=0;
            }

So, this kind of condition should be put for every non-blocking SSL call ?


vne wrote:
> 
> Hi,
> I replaced the call to SSL_select to this one and it worked !!! Thanks for
> your help.
> 
> int i =0;
> while(1 == i) 
>             {
>                 dRetVal = SSL_accept(pSsl);
>                 if(!(SSL_ERROR_WANT_READ == SSL_get_error(pSsl,dRetVal)))
>                     i=0;
>             }
> 
> So, this kind of condition should be put for every non-blocking SSL call ?
> 
> 
> vne wrote:
>> 
>> You are right that I am making a non-blocking SSL_accept call.
>> 
>> The problem is on vxWorks when 'select' states that some connection
>> request is present, SSL_accept returns failure with error code as
>> SSL_ERROR_WANT_READ.
>> 
>> But if I add some delay in between this 'select' and 'SSL_accept', then
>> it returns with successful handshake.
>> 
>> Moreover, this behavior is not observed on Linux Platform.
>> 
>> As per documentation, in case of non-blocking socket, should I call
>> 'select' again to check in the request is still there and then call
>> SSL_accept again? 
>> Or I am missing something?
>> 
>> Thanks for replying.
>> 
>> 
>> 
>> 
>> David Schwartz wrote:
>>> 
>>> 
>>>> Hi,
>>>> I am trying to use SSL_accept on vxWorks 5.5 (Pentium). But when the
>>>> SSL
>>>> client sends the initial handshake message (Client Hello),
>>>> then SSL_accept returns failure with error as SSL_ERROR_WANT_READ.
>>>>
>>>> The same code works fine when used on Linux platform and
>>>> handshake completes
>>>> successfully.
>>>>
>>>> On server side, when select returns success, TCP accept is called and
>>>> finally SSL_accept is called.
>>>> the following snippet shows the code flow:
>>>>
>>>> pSslCtx = SSL_CTX_new(TLSv1_method());
>>>>
>>>>
>>>> ...
>>>> SSL_set_accept_state(pSsl);
>>>> dRetVal = SSL_accept(pSsl);
>>>>                    ssl3_accept
>>>>                        ssl3_get_client_hello
>>>>                           ssl3_get_message
>>>>                                 ssl3_read_bytes
>>>>                                      ssl3_get_record
>>>>                                            ssl3_read_n
>>>>                                                   BIO_read
>>>>
>>>>
>>>> The function SSL_accept internally calls ssl3_get_client_hello,
>>>> and finally
>>>> function BIO_read is called to read the Hello message. This
>>>> function returns
>>>> failure while reading.
>>>>
>>>> If I use a debugger and browse the exection step by step then
>>>> everything
>>>> works fine.
>>>> Also, if I add some delay (by adding sleep(2)) before BIO_read, then
>>>> also
>>>> everything works fine.
>>>>
>>>> Please suggest what may be the reason for this. Is something missing in
>>>> initilization part ?
>>>> or can I make the call of BIO_read blocking ?
>>> 
>>> What are you trying to do? Are you attempting a blocking SSL_accept or a
>>> non-blocking one? It sounds like you are correctly doing a non-blocking
>>> SSL_accept, and OpenSSL is correctly informing you that an accept would
>>> have
>>> to block because data OpenSSL needs to read has not arrived yet.
>>> 
>>> This is documented behavior:
>>> 
>>>        If the underlying BIO is non-blocking, SSL_accept() will also
>>> return
>>>        when the underlying BIO could not satisfy the needs of
>>> SSL_accept()
>>> to
>>>        continue the handshake, indicating the problem by the return
>>> value -1.
>>>        In this case a call to SSL_get_error() with the return value of
>>>        SSL_accept() will yield SSL_ERROR_WANT_READ or
>>> SSL_ERROR_WANT_WRITE.
>>>        The calling process then must repeat the call after taking
>>> appropriate
>>>        action to satisfy the needs of SSL_accept().  The action depends
>>> on
>>> the
>>>        underlying BIO. When using a non-blocking socket, nothing is to
>>> be
>>>        done, but select() can be used to check for the required
>>> condition.
>>>        When using a buffering BIO, like a BIO pair, data must be written
>>> into
>>>        or retrieved out of the BIO before being able to continue.
>>> 
>>> DS
>>> 
>>> 
>>> ______________________________________________________________________
>>> OpenSSL Project                                 http://www.openssl.org
>>> User Support Mailing List                    openssl-users@openssl.org
>>> Automated List Manager                           [EMAIL PROTECTED]
>>> 
>>> 
>> 
>> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Problem-in-using-SSL_accept-on-vxWorks-5.5-%28Pentium%29-tp19454074p19456955.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

RE: Problem in using SSL_accept on vxWorks 5.5 (Pentium)

Reply via email to