I have a server that implements secure communication using OpenSSL. The server
does a listen() on a port and keeps track of what listens are secure/SSL
listens. When a peer opens to that IP addr/port, the server sees that it's for
a secure connection and then makes the calls to set up SSL information for the
socket:
// error checking and extraneous code removed
sock = accept(listen_sock, (struct sockaddr *)&sa_cli, &client_len);
SSL_bio = BIO_new(BIO_s_socket());                 // socket BIO wrapping the accepted fd
SSL_obj = SSL_new(SSL_ctx);                        // per-connection SSL object from the shared context
BIO_set_fd(SSL_bio, sock, BIO_NOCLOSE);            // the application, not the BIO, owns/closes the fd
SSL_set_bio(SSL_obj, SSL_bio, SSL_bio);            // same BIO for reading and writing
SSL_set_verify(SSL_obj, SSL_VERIFY_NONE, verify_callback);
SSL_set_accept_state(SSL_obj);                     // server side: wait for the ClientHello
At that point, the server should be waiting for the ClientHello, and will use
SSL_read/write to perform the handshake.
Let's say the client/peer never sends in the ClientHello. In other words, the
client probably called connect() but not SSL_connect() or some similar scenario.
Does OpenSSL eventually time out this connection and abort it somehow? Are
there OpenSSL API calls the server should be using to ensure it does get timed
out? Or is this something the server application should keep track of and
handle on its own?
Thanks in advance.
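An added example, not part of the original post or of OpenSSL: OpenSSL itself never times out a TLS connection whose peer stays silent after connect(), so the accepting application has to enforce the deadline before (or around) SSL_accept(). The code below, assuming a POSIX socket straight out of accept(), waits with poll() for the peer's first bytes and peeks at them so that a silent peer, a hung-up peer, and a peer sending plaintext on the TLS port can each be dropped without ever tying up an SSL object; a socketpair stands in for the network in the demo harness.

```c
#include <poll.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

enum hello_wait { HELLO_READY, HELLO_TIMEOUT, HELLO_NOT_TLS, HELLO_CLOSED, HELLO_ERROR };
/* Wait up to timeout_ms for the first bytes from a freshly accept()ed peer. The
 * bytes are only peeked (MSG_PEEK), so they stay queued for OpenSSL. HELLO_READY
 * means a TLS handshake record header (type 0x16, version 3.x) is visible and the
 * socket can go to SSL_accept(); on any other result the application closes it. */
enum hello_wait wait_for_client_hello(int sock, int timeout_ms)
{
    struct pollfd pfd = { .fd = sock, .events = POLLIN, .revents = 0 };
    int rc = poll(&pfd, 1, timeout_ms);
    if (rc == 0) return HELLO_TIMEOUT;   /* silent peer: no ClientHello in time */
    if (rc < 0) return HELLO_ERROR;
    uint8_t hdr[5];                      /* record header: type, major, minor, len */
    ssize_t n = recv(sock, hdr, sizeof hdr, MSG_PEEK);
    if (n == 0) return HELLO_CLOSED;     /* peer hung up before speaking */
    if (n < 0) return HELLO_ERROR;
    /* Only the first two bytes are checked; a partial header is left for
     * OpenSSL to finish parsing once SSL_accept() runs. */
    if (hdr[0] != 0x16 || (n >= 2 && hdr[1] != 0x03))
        return HELLO_NOT_TLS;            /* e.g. plaintext HTTP sent to the TLS port */
    return HELLO_READY;
}

/* Demo harness: a socketpair stands in for the accepted socket and the peer;
 * bytes/len is what the peer sends (NULL, 0 for a peer that never speaks). */
enum hello_wait demo_peer(const uint8_t *bytes, size_t len, int timeout_ms)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return HELLO_ERROR;
    enum hello_wait r = HELLO_ERROR;
    if (len == 0 || write(sv[1], bytes, len) == (ssize_t)len)
        r = wait_for_client_hello(sv[0], timeout_ms);
    close(sv[0]);
    close(sv[1]);
    return r;
}

int main(void)
{   /* constructed peers: silent, TLS 1.0 handshake record header, plaintext HTTP */
    static const uint8_t tls[] = {0x16, 0x03, 0x01, 0x00, 0xc8};
    printf("silent=%d tls=%d http=%d\n", demo_peer(NULL, 0, 200),
           demo_peer(tls, sizeof tls, 200),
           demo_peer((const uint8_t *)"GET / HTTP/1.0\r\n", 16, 200));
    return 0;
}
```

The same deadline still has to cover the rest of the handshake (a peer can send a ClientHello and then stall), which in a blocking design means a timeout on the socket or a non-blocking socket driven by the same poll() loop around SSL_accept().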