Re: Problem handling unexpected SSL shutdown

Thu, 16 Aug 2007 09:44:21 -0700 

Shaw Graham George wrote:

The problem is that, on Windows at least, my server doesn't appear to
get the "SSL shutdown notify" packet, for some reason.  So, if that is
to be expected, I'm looking for an alternative way of detecting the
closure.

I've now tested it on Linux, and the existing code works fine.  In other
words, when trying the SSL_Get:

SSL_read() ?


1.  It fails
2.  SSL_get_error() returns SSL_ERROR_ZERO_RETURN
3.  (SSL_get_shutdown() & SSL_RECEIVED_SHUTDOWN) is true

On Windows this is not the case.

But I guess if this problem is restricted to Windows, then I can:

1.  Add the call to WSAGetLastError() just for that platform
2.  Use it to detect the socket closure and ...
3.  Softly close the server socket that way

Unless somebody has any better ideas ...
Can you log the OpenSSL API calls you make and the return values you see. When seeing any errors from OpenSSL don't forget the idiom's: 

int err = SSL_get_error(client->ssl, n);
int wsa_errno = WSAGetLastError();
and log the values you see. Please also include the OpenSSL API calls made just before the other end disappears. 


This would clear up in my mind what you are observing :
* You don't get the read-ready wakeup event from Win32 API ? So you never get a chance to call SSL_read().
* You don't see an error from SSL_read() ? But what did it return instead ?
* You never see '(SSL_get_shutdown() & SSL_RECEIVED_SHUTDOWN) is true' condition, even though you have written you own client and can confirm it does/will send a "SSL shutdown notify" packet, will ensure the data is flushed to the socket and will keep the socket open waiting to receive a "SSL shutdown notify" packet from the other end ?
If you get the read-ready wakeup event from Win32 API, then your code will end up calling SSL_read() and that call should attempt to process another packet and pull data from the socket as necessary until no more progress can be made at this time. This will implicitly process the "SSL shutdown notify" packet. 


Darryl
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to