Hi Jason,
I am afraid you will have to deal with the TCP timeout on your own.
Here is a quick and short answer:
http://stackoverflow.com/questions/11835203/openssl-ssl-connect-blocks-forever-how-to-set-timeout
Most important: http://www.openssl.org/docs/ssl/SSL_get_error.html
I am sure your question was often discussed in the past on this list.
Search about the OpenSSL 'internal state machine'.
Michel
On 11/09/2013 16:39, Jason Schultz wrote:
I have a server that implements secure communication using OpenSSL.
The server does a listen() on a port and keeps track of what listens
are secure/SSL listens. When a peer opens to that IP addr/port, the
server sees that it's for a secure connection and then makes the calls
to set up SSL information for the socket:
// error checking and extraneous code removed
sock = accept(listen_sock, (struct sockaddr*)&sa_cli, &client_len);
SSL_bio = BIO_new(BIO_s_socket());          // socket BIO; the fd is attached below
SSL_obj = SSL_new(SSL_ctx);
BIO_set_fd(SSL_bio, sock, BIO_NOCLOSE);     // BIO does not own the fd; we close(sock) ourselves
SSL_set_bio(SSL_obj, SSL_bio, SSL_bio);     // same BIO for read and write; SSL_obj now owns the BIO
SSL_set_verify(SSL_obj, SSL_VERIFY_NONE, verify_callback);  // no client certificate requested
SSL_set_accept_state(SSL_obj);              // server role; handshake runs on the first SSL_read/SSL_write
At that point, the server should be waiting for the ClientHello, and
will use SSL_read/write to perform the handshake.
Let's say the client/peer never sends in the ClientHello. In other
words, the client probably called connect() but not SSL_connect() or
some similar scenario.
Does OpenSSL eventually time out this connection and abort it
somehow? Are there OpenSSL API calls the server should be using to
ensure it does get timed out? Or is this something the server
application should keep track of and handle on its own?
Thanks in advance.
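As an added example for this thread (not code from either message), the loop below shows what handling the timeout "on your own" looks like, driven through Python's ssl module, which calls the same OpenSSL state machine Jason's server uses: SSLObject.do_handshake() is SSL_do_handshake(), and an SSL_get_error() result of SSL_ERROR_WANT_READ surfaces as ssl.SSLWantReadError. An in-memory BIO pair stands in for the accepted socket so it runs offline; the function names, the 0.2 s deadline, and the sleep() that stands in for select()/poll() on the fd are assumptions of this example, not anything from the thread.

```python
"""Enforcing a handshake deadline on an OpenSSL server connection.

Added example for this thread, not code from either message. Python's ssl
module drives the same OpenSSL state machine the question is about:
SSLObject.do_handshake() calls SSL_do_handshake(), and SSL_get_error() ==
SSL_ERROR_WANT_READ surfaces as ssl.SSLWantReadError. An in-memory BIO pair
stands in for the socket so the example runs offline. Names, the deadline
value and the sleep() standing in for select()/poll() are assumptions."""
import ssl
import time

HANDSHAKE_DEADLINE = 0.2   # seconds; assumed policy value, tune for production


def new_server_session():
    """SSL_new + SSL_set_accept_state equivalent, on memory BIOs.

    No certificate is loaded on purpose: the point here is the wait for the
    ClientHello, which happens before OpenSSL ever needs the server cert."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    srv = ctx.wrap_bio(incoming, outgoing, server_side=True)
    return srv, incoming, outgoing


def accept_with_deadline(srv, feed, deadline=HANDSHAKE_DEADLINE,
                         clock=time.monotonic):
    """Run the server handshake until it completes, fails, or the deadline passes.

    feed() is the application's I/O step: it is called whenever OpenSSL
    reports WANT_READ and returns True if it delivered new bytes into the
    incoming BIO, False if the peer stayed silent.
    Returns 'ok', 'timeout' or 'error'. OpenSSL itself never produces
    'timeout': left alone it reports WANT_READ forever, so the clock is the
    application's job."""
    started = clock()
    while True:
        try:
            srv.do_handshake()
            return "ok"
        except ssl.SSLWantReadError:
            # SSL_ERROR_WANT_READ: the ClientHello (or more of it) has not
            # arrived. Keep waiting only while the deadline allows.
            if clock() - started >= deadline:
                return "timeout"        # caller must SSL_free() and close the socket
            if not feed():
                time.sleep(0.01)        # stand-in for select()/poll() on the fd
        except ssl.SSLError:
            # SSL_ERROR_SSL: fatal protocol error, abort the connection.
            return "error"


def silent_peer():
    """Client that called connect() but never SSL_connect(): nothing arrives."""
    srv, _in, _out = new_server_session()
    return accept_with_deadline(srv, feed=lambda: False)


def talking_peer():
    """Client that does send a ClientHello; the server leaves the waiting state."""
    srv, srv_in, srv_out = new_server_session()
    cctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    cctx.check_hostname = False
    cctx.verify_mode = ssl.CERT_NONE   # constructed test peer only; never do this in production
    cli_in, cli_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    cli = cctx.wrap_bio(cli_in, cli_out, server_side=False)

    def feed():
        # Let the client run one step, then shuttle bytes both ways.
        try:
            cli.do_handshake()
        except ssl.SSLError:           # WantRead, or the alert once the server fails
            pass
        data = cli_out.read()
        if data:
            srv_in.write(data)
        back = srv_out.read()
        if back:
            cli_in.write(back)
        return bool(data)

    # With no server certificate loaded, OpenSSL rejects the ClientHello
    # (SSL_ERROR_SSL) instead of hanging: the result is 'error', not 'timeout'.
    return accept_with_deadline(srv, feed)


if __name__ == "__main__":
    print("silent peer :", silent_peer())
    print("talking peer:", talking_peer())
```

On a real socket the same loop puts the fd in non-blocking mode, calls select()/poll() with the remaining time whenever SSL_get_error() returns SSL_ERROR_WANT_READ (or WANT_WRITE), and on expiry calls SSL_free() and close() itself; nothing inside OpenSSL will do that for the application.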