In ssl_lib.c there is this function:
int SSL_get_error(SSL *s,int i)
This should be referenced for the following problem description.
The following block of server code does not work properly when using
non-blocking sockets on AIX 4.3.
This block of code works properly on Solaris 2.51, 2.6, HPUX 10.20,11.00, NT
4, etc.
if ((err = SSL_accept( (SSL*)ssl )) <= 0) {
realError = SSL_get_error((SSL*)ssl,err);
if (realError == SSL_ERROR_WANT_READ)
printf("WANT_READ\n");
if (realError == SSL_ERROR_WANT_WRITE)
printf("WANT_WRITE";
}
On AIX, "WANT_READ" or "WANT_WRITE" is never printed even though it should
be.
Inspection of SSL_get_error indicates that SSL_want_read() is returning
true. However, BIO_should_read() is always returning 0 (false). This is a
serious error.
Because of this it is impossible to negotiate successfully with Openssl
using non-blocking sockets on AIX.
As a hack, the above code is changed to call ssl_want_read() instead of
SSL_get_error (and checking the specific error). This seems to work most of
the time. However, when a client connection comes in to a server using the
above code and prematurely breaks its connection during the initial
negotiation, ssl_want_read() will still continue to return true. There
appears to be no way to determine that this is an error condition. This
makes the hack effectively useless, as it can result in a server that spins.
Bruce LeMaster
Software Development Engineer
Hummingbird Communications, Inc.
Raleigh, NC 27603
mailto: [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
