> Attached you can find a patch that does the following:
> 1) removes ssl_mutex
> 2) corrects SSL_[read|write] operations
> 3) removes SSL_connect and SSL_accept because these are
> handled by the openssl
> library transparently during SSL_[read|write] operations.
>
Did you address this issue? This code around SSL_accept()

    while (((rc = SSL_accept(conn->ssl)) <= 0) &&
           ((SSL_get_error(conn->ssl, rc) == SSL_ERROR_WANT_READ) ||
            (SSL_get_error(conn->ssl, rc) == SSL_ERROR_WANT_WRITE))) {
        /* busy waiting */
        gwthread_sleep(0.02);
    }

is an infinite loop waiting to happen. If the SSL handshake is never completed
by the client, this loops forever. I have seen this with JSSE (1.0.3) clients when
something goes wrong with the underlying socket or SSL handshake. I didn't have the
opportunity (or to be honest the motivation) to debug what was happening in the OpenSSL
state machine but I can confirm that SSL_accept() hung forever. I never did
get a definitive answer from the client (they're an operator) as to what behaviour
they saw on the client end.

So I guess we should assume that there are clients out there that can make
the SSL_accept while loop hang and change the gwthread_sleep() to a gwthread_pollfd()
with a sensible timeout value,
i.e.

    io_pending = gwthread_pollfd(conn->fd, POLLIN, 10);
    if (io_pending & POLLIN)
        continue;
    else
    {
        /* Nothing to read after timeout, avoid infinite looping */
        warning(0, "conn_wrap_fd(): Read timeout on SSL socket has expired");
        break;
    }
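
The bounded wait proposed above, as an added example that is not part of the original message or of Kannel's code. It goes one step further than the snippet: it polls for the direction the handshake asked for and enforces one deadline for the whole handshake, so a peer that sends a byte now and then cannot keep the thread busy indefinitely. hs_step_fn is a hypothetical stand-in for one SSL_accept() call followed by SSL_get_error(); every name in the block is an assumption.

```c
/* Added example, not Kannel code; all identifiers here are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <poll.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

enum hs_status { HS_DONE, HS_WANT_READ, HS_WANT_WRITE, HS_ERROR };
enum hs_result { HS_OK, HS_FAILED, HS_TIMEOUT };
typedef enum hs_status (*hs_step_fn)(void *ctx); /* one handshake attempt */

static long now_ms(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* Drive a non-blocking handshake on fd; give up after budget_ms in total. */
enum hs_result handshake_with_deadline(int fd, hs_step_fn step, void *ctx,
                                       long budget_ms) {
    long deadline = now_ms() + budget_ms;
    for (;;) {
        enum hs_status st = step(ctx);
        if (st == HS_DONE) return HS_OK;
        if (st == HS_ERROR) return HS_FAILED;
        long left = deadline - now_ms();
        if (left <= 0) return HS_TIMEOUT;  /* whole-handshake budget spent */
        struct pollfd p = { .fd = fd, .revents = 0,
            .events = (st == HS_WANT_READ) ? POLLIN : POLLOUT };
        int n = poll(&p, 1, (int)left);    /* sleep until I/O or deadline */
        if (n == 0) return HS_TIMEOUT;     /* peer stayed silent */
        if (n < 0 && errno != EINTR) return HS_FAILED;
        if (n > 0 && (p.revents & (POLLERR | POLLNVAL))) return HS_FAILED;
    }
}

/* Constructed peers: one never progresses, one finishes on its 2nd step. */
static enum hs_status stalled_peer(void *ctx) { (void)ctx; return HS_WANT_READ; }
static enum hs_status two_step_peer(void *ctx) {
    int *calls = ctx;
    return (++*calls < 2) ? HS_WANT_WRITE : HS_DONE;
}

/* Run a peer over a local socketpair whose far end never sends anything. */
enum hs_result run_demo(hs_step_fn step, void *ctx, long budget_ms) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return HS_FAILED;
    enum hs_result r = handshake_with_deadline(sv[0], step, ctx, budget_ms);
    close(sv[0]); close(sv[1]);
    return r;
}
int main(void) { return run_demo(stalled_peer, 0, 100) == HS_TIMEOUT ? 0 : 1; }
```

On HS_TIMEOUT or HS_FAILED the caller closes the connection and logs the peer address, which turns the stuck thread into an ordinary failed accept.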