Hey everyone. Been a long time since I've been able to spend much time
on SSL code, but here I am again.
My app is a client side HTTP/HTTPS application, and the problem that
recently showed up (more likely it was just recently noticed) is a
problem of sorts with SSL_read(). But only with some servers.
Connections to other servers work just fine.
Here's a snippet of the code giving problems:
n = SSL_read(c->data, c->buf+c->bufend, len);
if (n <= 0)
{ int sslerr = ERR_get_error();
errcode = SSL_get_error(c->data, n);
if (errno) eptr = strerror(errno);
if (sslerr)
{ (void *)ERR_error_string(sslerr, errbuf); errptr = errbuf; }
switch(errcode)
{
case SSL_ERROR_SYSCALL:
/* Some kind of I/O error; */
if (DebugSSL)
{
if (sslerr) /* SSL IO error? */
{ /* SSL_13013:I:Problem in SSL_read():%s: %s:%d */
if (errptr && *errptr)
ERROR(errmsgs[SSL_13013], errptr, __FILE__, __LINE__);
else
ERROR(errmsgs[SSL_13013], "SSL_ERROR_SYSCALL" ,
__FILE__, __LINE__);
}
else if (eptr && *eptr) /* Some system error - check errno */
ERROR(errmsgs[SSL_13013], eptr, __FILE__, __LINE__);
else if (n == 0)
ERROR(errmsgs[SSL_13013], "SSL_ERROR_SYSCALL/EOF" ,
__FILE__, __LINE__); // XXXXXXX
else
ERROR(errmsgs[SSL_13013], "SSL_ERROR_SYSCALL/SOCKET" ,
__FILE__, __LINE__);
}
sslsock_shutdown(c);
return -1;
break;
. . . // leaving out unrelated error handling
}
}
The error being logged is SSL_ERROR_SYSCALL/EOF - the section marked
with "XXXXXXX". Far as I can tell, this really shouldn't happen. There
appear to be no problems in the SSL_connect phase. This code snippet is
from the first read after the connection is established - the first
attempt to read the headers.
My first assumption was that I must have mishandled the error condition
somehow. I reread the manpages for SSL_read() and SSL_get_error(), and
unless I'm interpreting these pages incorrectly, I have it right in the
code above.
Also, I should note that regular browsers have no problem conecting to
the server, and my client app has no trouble connecting to other secure
servers. The problem has been occurring with my app linked to OpenSSL
0.9.7a, but is easily reproduced with 0.9.7e.
Here's the server string returned by the origin:
Server: IBM_HTTP_SERVER/1.3.19 Apache/1.3.20 (Unix)
Anyone have any ideas how best to debug this?
TIA
Lou
--
Louis LeBlanc [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org ԿԬ
Committee, n.:
A group of men who individually can do nothing, but as a group
can decide that nothing can be done.
-- Fred Allen
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
