When the error occurs, sometimes I get
error:140F3042:SSL routines:SSL_UNDEFINED_CONST_FUNCTION:called a function you should not call.
qunying wrote:
Hi,
Thanks for your reply.
Here is my program flow:
SSL_CTX_new(SSLv23_server_method());
// setting various options and certificates
SSL_OP_ALL|SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
create a non-blocking socket main_sock and add it to epoll listening
queue in the main loop.
When a connection is coming in, accept the socket(accepted_socket),
create a SSL * ssl with SSL_new(), set the accepted_socket to SSL with
SSL_set_fd()
set information callback with
SSL_set_info_callback()
SSL_set_mode(ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
Then add the accepted_socket to the epoll. (accepted_socket also set to
non-blocking)
Change the corresponding state to sslAccept state (my prg's state
machine), and back to mainloop and wait for further epoll event.
When the client has sent data, through the epoll event callback,
SSL_accept() is called. The returned error code is checked for
SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE; other cases are considered
errors and the connection is dropped. The corresponding epoll monitor
flag is set according to the return code (for read or write).
After SSL_accept has finished successfully, for this instance of
connection, the state changes to various communication states, calling
SSL_read()/SSL_write() as needed. Error codes from both calls are checked
(SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE, SSL_ERROR_NONE,
SSL_ERROR_SYSCALL (when errno == EINTR or EAGAIN, it is considered as
"again", not an error)); all other cases are considered errors and the
connection is dropped.
That is about the main flow of it. When another connection is made, the
accepted_socket is added to the epoll, and just follow the states flow.
Each connection has its own structure to hold its states. The main loop
just waits for the epoll event and does the dispatching.
For the testing, each client sends a small data chunk of 64 bytes at an
interval of about 1 second.
All operations are handled within a single process and a single thread.
The strange thing is that it does not happen all the time; sometimes I
connected 10 clients without problem. When it happened, it always
happened when the new connection's SSL_accept was in progress and returned
SSL_ERROR_WANT_READ.
When SSL_ERROR_SSL is encountered in SSL_read(), I checked that the errno is
EAGAIN; if I acknowledge the errno, then it seems data will keep
flowing without problem.
But according to my search from the Internet, when SSL_ERROR_SSL is
encountered, errno has no meaning to it and I should consider it as a
fatal error in the SSL sense.
vinni rathore wrote:
Hello,
I also created the same kind of server that handles the different
clients, but the only difference is that I have different threads for
reading and writing, as my application needed...
Maybe you need to check the SSL structure for both read and write for
different connections.
There is no problem in making the same context for all clients; you only
need to take care that the information of one client is not lost when you
are handshaking with another client, as it will create problems in read
and write.
So I need some more details.. like, single thread means everything you
are doing is in sequence.. is that so??
Meaning first socket connection.. then SSL new... then SSL_accept and
finally read then write..
I mean, please explain the structure that you are using for multi-client
support in a little more detail...
Hope we will find some clue..
On Thu, Sep 25, 2008 at 12:28 AM, qunying
<[EMAIL PROTECTED]> wrote:
Hi,
I encountered a strange error. I have a single-threaded server running on
Linux which uses epoll for multiple nonblocking connections. There is only
one server context; each SSL is created with SSL_new() from the same
context.
1. When I have one SSL connection set up, I have traffic going through it
without problem.
2. A second connection is coming in and calling SSL_accept(); sometimes it
will cause the first SSL's SSL_read to return SSL_ERROR_SSL, with the error
information from ERR_error_string(): 0x42445e38 Resource temporarily
unavailable. error:00000000:lib(0):func(0):reason(0).
It happened when SSL_accept() returns -1 and SSL_get_error() returns
SSL_ERROR_WANT_READ. At this stage, the SSL is in "SSLv2/v3 read client
hello A" when I print with SSL_state_string_long().
Has anybody encountered a similar problem?
I am running OpenSSL-0.9.7m. The two connections are from different PCs.
Thanks
Qunying
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]