Sam Jantz wrote:

> It's multi threaded with non-blocking I/O. I'm not sure exactly what
> you mean by socket discovery, but I think you are asking how my program
> determines when something is ready? If that's the case then my program
> uses a select statement to watch the file descriptor to see if it's ready
> for read or write. It uses a call back system to perform the correct
> action based on which fd_set was ready.

Okay, just make sure to only call 'select' when OpenSSL tells you to. Otherwise, you may be waiting for something that has already happened.

>
> void ProxySSLConnection::handle_ssl_error(int ret,
>     handler_function handler, const char * caller)
> {
>     int error = SSL_get_error(_ssl, ret);
>     switch (error)
>     {
>     case SSL_ERROR_WANT_READ:
>         schedule_read(handler);
>         break;

Your code has a subtle race condition because it assumes the two directions of an SSL connection have independent states. Consider the following case:

1) SSL_read on connection A returns SSL_ERROR_WANT_READ.

2) In another thread, SSL_read on connection B returns with some data.

3) Some data arrives on connection A. SSL_read on connection A now would return data immediately.

4) You call SSL_write on connection A to send the data you received in step 2. It reads from the socket the data that arrived in step 3. (SSL_read would not return data without having to read on the socket, the socket is not readable.)

5) You now act on the SSL_ERROR_WANT_READ you got in step 1, but it was invalidated by the actions in step 4. You call 'select' to wait for data that has already been received and never see the data received in step 3 and read in step 4.

Before you call 'select' to wait for readability or writability, you must make sure that data movement in the other direction did not make the WANT_READ/WANT_WRITE indication invalid.

This bug tends to rear its ugly head only on renegotiations though. So I don't think it's causing your actual problem.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
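
One way to apply the rule from the reply above, as an added example that is not from the original message or from OpenSSL: stamp each WANT_READ/WANT_WRITE result with a per-connection I/O counter and refuse to enter 'select' if any later SSL_read/SSL_write ran on the same connection. The names ssl_gate, want_ticket, gate_record_io and gate_before_select are hypothetical, the WANT_* values are stand-ins for SSL_get_error results, and the code assumes every call for one connection is made while holding the lock that serialises use of that SSL object. The check is deliberately conservative: a stale ticket only costs one extra SSL call.

```c
#include <stdio.h>

/* Stand-ins for the SSL_get_error results discussed above; no OpenSSL calls are made. */
enum want { WANT_NONE, WANT_READ, WANT_WRITE };
enum action { RETRY_SSL_CALL, WAIT_IN_SELECT };

/* Hypothetical per-connection state. Assumption: accessed only while holding
 * the lock that serialises SSL_read/SSL_write on this SSL object. */
struct ssl_gate { unsigned long io_epoch; };

/* What a caller keeps after an SSL call asked it to wait. */
struct want_ticket { enum want want; unsigned long epoch; };

/* Record one SSL_read/SSL_write call on this connection and stamp its result. */
struct want_ticket gate_record_io(struct ssl_gate *g, enum want result)
{
    struct want_ticket t = { result, ++g->io_epoch };
    return t;
}

/* Decide, immediately before select(), whether the indication is still current.
 * Any SSL call made after the ticket was issued may have moved data in either
 * direction, so the ticket is treated as stale and the SSL call is retried. */
enum action gate_before_select(const struct ssl_gate *g, struct want_ticket t)
{
    if (t.want == WANT_NONE || t.epoch != g->io_epoch)
        return RETRY_SSL_CALL;
    return WAIT_IN_SELECT;
}

/* Steps 1-5 of the message, replayed with constructed results. */
enum action replay_race(void)
{
    struct ssl_gate a = {0};
    struct want_ticket rd = gate_record_io(&a, WANT_READ); /* step 1 */
    /* steps 2-3 do not touch connection A's SSL object */
    gate_record_io(&a, WANT_NONE);  /* step 4: SSL_write on A consumes socket data */
    return gate_before_select(&a, rd);                     /* step 5 */
}

/* Same start, but no other SSL call on A before the wait. */
enum action replay_quiet(void)
{
    struct ssl_gate a = {0};
    struct want_ticket rd = gate_record_io(&a, WANT_READ);
    return gate_before_select(&a, rd);
}

int main(void)
{
    printf("race:  %s\n", replay_race() == RETRY_SSL_CALL ? "retry" : "select");
    printf("quiet: %s\n", replay_quiet() == RETRY_SSL_CALL ? "retry" : "select");
    return 0;
}
```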