On Mon, Nov 11, 2002 at 06:17:41PM -0800, David Schwartz wrote:
> The application uses a bio pairs approach, using OpenSSL just as a data
> pump. OpenSSL itself does not touch any sockets. Three bios are used, the
> SSLbio is used to pass cleartext to and get cleartext from the SSL
> connection. The SSL engine talks to one half of the BIO pair and the
> encrypted data is sent to and received from an IObio which is the other half
> of the pair.
>
> Everything works fine most of the time. For short-lived HTTPS
> connections, there's no problem ever. However, for long-running connections,
> eventually the connection breaks. Internally, the problem occurs when reading
> from the SSLbio to attempt to get cleartext from the SSL engine. The error is
> as follows:
>
> 23574:error:20071078:BIO routines:BIO_write:uninitialized:bio_lib.c:196:
>
> So, somehow the SSL bio isn't initialized anymore. But how could that
> have happened?
>
> Note that this isn't the usual deadlock problem. There's no evidence of
> any deadlocking at all and my code is careful to try all directions to avoid
> a deadlock.
>
> If it helps, my application differs from the bio pair code in ssltest.c
> in one way that might be significant. My code never use BIO_ctrl_pending or
> BIO_ctrl_get_write_gurantee. It just tries to write or read and takes what
> it gets or doesn't get. If the return value is <0, it calls BIO_should_retry
> to see if it's a hard error or a soft error. (Is this okay? If not, is there
> some other test I should do?)
>
> I've tested most extensively on Linux with OpenSSL-0.9.6g, however we've
> seen the same symptoms (long-lived connections mysteriously breaking) on
> other platforms with other versions (but have not confirmed that the same
> underlying process is responsible).
I am using the BIO-pair approach for Postfix/TLS. I don't know which other
applications are out there using BIO-pairs. So far I have not seen any
failure. As you will be pretty much aware, SMTP is more of a short lived
protocol. Therefore I am afraid that I cannot tell you much more than
that I am not aware of any related issue.
Having this said... I would probably check out the BIO objects to see, at
which instance the BIO->init element of the BIO structure is set to 0.
(Did the BIO object change completely, meaning that it might have
been overwritten somehow? Did you run tests with efence or another
debugging support tool?)
Further debugging strategies will depend on the outcome of this test.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
