Hi Paul,
I have also seen such hangs with our customer that uses an SSL connection to us,
that's why I got rid of SSL_accept and SSL_connect... The OpenSSL library handles
handshake and re-negotiation transparently, so it's enough to set accept or
connect state and go ahead with read/write operations and those will fail if
the handshake was not successful... Just apply this patch to see what was
changed ;)
Btw. Such a hang on handshake seems to happen with Windows clients,
unfortunately I don't know which SSL library is used.
On Wednesday 26 November 2003 19:03, Paul Keogh wrote:
> > attached you can find patch that does following:
> > 1) removes ssl_mutex
> > 2) correct SSL_[read|write] operations
> > 3) removes SSL_connect and SSL_accept because these are handled
> > by the openssl library transparently during SSL_[read|write]
> > operations.
>
> Did you address this issue? This code around SSL_accept()
>
> while (((rc = SSL_accept(conn->ssl)) <= 0) &&
>        ((SSL_get_error(conn->ssl, rc) == SSL_ERROR_WANT_READ) ||
>         (SSL_get_error(conn->ssl, rc) == SSL_ERROR_WANT_WRITE))) {
>     /* busy waiting */
>     gwthread_sleep(0.02);
> }
>
> is an infinite loop waiting to happen. If the SSL handshake is never
> completed by the client, this loops forever. I have seen this with JSSE
> (1.0.3) clients when something goes wrong with the underlying socket or SSL
> handshake. I didn't have the opportunity (or to be honest the motivation)
> to debug what was happening in the OpenSSL state machine but I can confirm
> that SSL_accept() hung forever. I never did get a definitive answer from
> the client (they're an operator) as to what behaviour they saw on the
> client end.
>
> So I guess we should assume that there are clients out there that can make
> the SSL_accept while loop hang and change the gwthread_sleep () to a
> gwthread_pollfd() with a sensible timeout value.
>
> ie.
>
> io_pending = gwthread_pollfd(conn->fd, POLLIN, 10);
>
> if (io_pending & POLLIN)
>     continue;
> else
> {
>     /* Nothing to read after timeout, avoid infinite looping */
>     warning(0, "conn_wrap_fd(): Read timeout on SSL socket has expired");
>     break;
> }
--
Best regards from Düsseldorf
Dipl.-Ing.
Alexander Malysh
___________________________________________
Centrium GmbH
Vogelsanger Weg 80
40470 Düsseldorf
Fon: +49 (0211) 74 84 51 80
Fax: +49 (0211) 277 49 109
email: [EMAIL PROTECTED]
web: www.centrium.de
msn: [EMAIL PROTECTED]
icq: 98063111
___________________________________________
Please avoid sending me Word, Excel or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
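
Added example, not part of the original thread and not Kannel's code: a handshake loop of the kind discussed above, bounded by one overall deadline and polling for the direction the TLS layer asked for (POLLIN or POLLOUT) instead of sleeping. The `hs_step_fn` callback stands in for a wrapper that would call `SSL_accept()` and map `SSL_get_error()` results; `fake_step` and `run_case` are constructed assumptions so the block runs without OpenSSL.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <poll.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>
enum hs_status { HS_DONE, HS_WANT_READ, HS_WANT_WRITE, HS_FAILED };
enum { HS_OK = 0, HS_ERROR = -1, HS_TIMEOUT = -2 };
typedef enum hs_status (*hs_step_fn)(void *ctx); /* would wrap SSL_accept() */
static long now_ms(void) {
    struct timespec ts; clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* Drive a non-blocking handshake; give up after deadline_ms in total. */
int handshake_with_deadline(int fd, hs_step_fn step, void *ctx, long deadline_ms) {
    long end = now_ms() + deadline_ms;
    for (;;) {
        enum hs_status st = step(ctx);
        if (st == HS_DONE) return HS_OK;
        if (st == HS_FAILED) return HS_ERROR;
        long left = end - now_ms();
        if (left <= 0) return HS_TIMEOUT;  /* budget spent, even if fd stays busy */
        struct pollfd p = { .fd = fd, .events = st == HS_WANT_READ ? POLLIN : POLLOUT };
        int rc = poll(&p, 1, (int)left);   /* rc == 0 falls through to deadline check */
        if (rc < 0 && errno != EINTR) return HS_ERROR;
    }
}

/* Constructed stand-in for the TLS step: done once `need` bytes have arrived. */
struct fake_hs { int fd; int need; };
static enum hs_status fake_step(void *ctx) {
    struct fake_hs *h = ctx; char buf[64];
    ssize_t n = recv(h->fd, buf, sizeof buf, MSG_DONTWAIT);
    if (n > 0) h->need -= (int)n;
    else if (n == 0 || (errno != EAGAIN && errno != EWOULDBLOCK)) return HS_FAILED;
    return h->need > 0 ? HS_WANT_READ : HS_DONE;
}
/* Constructed client: sends `sent` bytes, then stalls or (hang_up) closes. */
int run_case(int sent, int need, int hang_up, long deadline_ms) {
    int sv[2]; char z[64] = {0};
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return HS_ERROR;
    if (sent > 0 && write(sv[1], z, (size_t)sent) != sent) return HS_ERROR;
    if (hang_up) shutdown(sv[1], SHUT_WR);
    struct fake_hs h = { sv[0], need };
    int rc = handshake_with_deadline(sv[0], fake_step, &h, deadline_ms);
    close(sv[0]); close(sv[1]);
    return rc;
}
```

Because the deadline is checked on every pass, a peer that keeps the socket readable or writable without ever finishing the handshake is cut off as well, which a per-poll timeout alone does not guarantee.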