I'm running a (jabber) socket multiplexor that provides both SSL and 
non-SSL interfaces.  The short story is that it manages multiple 
long-lived TCP connections.  I have no problems connecting via SSL until 
the total number of connections exceeds about 250.  After this point, 
non-SSL connections are still accepted.  SSL connections are rejected. 
This code works great on Linux, but fails in this way on Solaris.

I traced it down as follows:

When I call SSL_use_certificate_file, it eventually boils down to a call 
to file_ctrl in crypto/bio/bss_file.c (in order to open key.pem). 
Before I have 250 or so connections, the fopen (line 242) on the key 
succeeds every time.  After I have 250 or so connections, the call 
fails.  This is regardless of the value set by `ulimit -n` (which for 
testing purposes was at 16384).  The call to SSL_use_certificate_file 
returns in error.

OPEN_MAX, the max # of fds allowable to me, is honored by fopen, and on 
BSD and GNU this value tracks ulimit values.  On Solaris, though, it 
appears hard coded.  To wit:

[craigk:~/tmp/fopen]$ cat foo.c
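#include <stdio.h>
#include <string.h>   /* strerror() */
#include <errno.h>

int main(void)
{
     int i = 0;
     /* Deliberately leak FILE streams until fopen() fails. */
     while (fopen("/etc/passwd", "r"))
     {
         i++;
     }
     fprintf(stderr, "Made it %d times.  Errno %d (%s)\n", i, errno,
             strerror(errno));
     return 0;
}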
[craigk:~/tmp/fopen]$ ulimit -n
16384
[craigk:~/tmp/fopen]$ ./foo
Made it 253 times.  Errno 24 (Too many open files)
[craigk:~/tmp/fopen]$ uname -a
SunOS dev3 5.8 Generic_108528-15 sun4u sparc SUNW,Ultra-60

Errored out at 253 + stdin + stdout + stderr = 256.  How do I work 
around this issue without rewriting all the BIO stuff to use 
open/read/write/etc.?  Have others encountered and solved this problem? 
Both the multiplexor and the little fopen test program work the way 
I'd like them to work on Linux.

--Craig
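
Added example, not part of the original post and not OpenSSL code: one way to keep fopen working in a server like this is to move every accepted socket to a descriptor at or above 256 with fcntl(F_DUPFD), so the low descriptors stay free for stdio. It assumes the limit applies to descriptor numbers below 256, as the 253 + 3 count above suggests; move_fd_high, stdio_fd_after_connections and the /dev/null stand-in connections are hypothetical names and constructed input.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#define STDIO_FD_LIMIT 256   /* assumption: stdio only handles fds 0..255 */

/* Duplicate fd onto the lowest free descriptor >= STDIO_FD_LIMIT, carry over
 * the close-on-exec flag, and close the original. Returns the new descriptor,
 * or the original one unchanged if no high descriptor is available. */
int move_fd_high(int fd)
{
    int flags, hi;
    if (fd < 0 || fd >= STDIO_FD_LIMIT)
        return fd;                       /* invalid, or already out of the way */
    flags = fcntl(fd, F_GETFD);
    hi = fcntl(fd, F_DUPFD, STDIO_FD_LIMIT);
    if (hi < 0)
        return fd;                       /* EMFILE/EINVAL: keep the low fd */
    if (flags != -1 && (flags & FD_CLOEXEC))
        fcntl(hi, F_SETFD, FD_CLOEXEC);  /* F_DUPFD clears it on the copy */
    close(fd);
    return hi;
}

/* Constructed stand-in for the multiplexor: hold nconn "connections"
 * (/dev/null here), each moved high, then fopen() a file and return the
 * descriptor stdio was given, or -1 if fopen failed. */
int stdio_fd_after_connections(int nconn)
{
    int i, result = -1;
    FILE *fp;
    for (i = 0; i < nconn; i++)
        if (move_fd_high(open("/dev/null", O_RDONLY)) < 0)
            break;
    fp = fopen("/dev/null", "r");
    if (fp != NULL) {
        result = fileno(fp);
        fclose(fp);
    }
    return result;   /* connection fds are left open, as in the server */
}

int main(void)
{
    printf("fopen got fd %d with 260 connections open\n",
           stdio_fd_after_connections(260));
    return 0;
}
```

In a real server the call would go right after accept(), and `ulimit -n` has to be well above 256 for F_DUPFD to find a free high descriptor.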
