On Tue, Nov 23, 2004, Louis LeBlanc wrote:
> On 11/22/04 02:20 PM, Louis LeBlanc sat at the `puter and typed:
> > Hey everyone. Been a long time since I've been able to spend much time
> > on SSL code, but here I am again.
> >
> > My app is a client side HTTP/HTTPS application, and the problem that
> > recently showed up (more likely it was just recently noticed) is a
> > problem of sorts with SSL_read(). But only with some servers.
> > Connections to other servers work just fine.
> >
> > Here's a snippet of the code giving problems:
> >
> > n = SSL_read(c->data, c->buf+c->bufend, len);
> >
> > if (n <= 0)
> > { int sslerr = ERR_get_error();
> > errcode = SSL_get_error(c->data, n);
> > if (errno) eptr = strerror(errno);
> > if (sslerr)
> > { (void *)ERR_error_string(sslerr, errbuf); errptr = errbuf; }
> > switch(errcode)
> > {
> > case SSL_ERROR_SYSCALL:
> > /* Some kind of I/O error; */
> > if (DebugSSL)
> > {
> > if (sslerr) /* SSL IO error? */
> > { /* SSL_13013:I:Problem in SSL_read():%s: %s:%d */
> > if (errptr && *errptr)
> > ERROR(errmsgs[SSL_13013], errptr, __FILE__, __LINE__);
> > else
> > ERROR(errmsgs[SSL_13013], "SSL_ERROR_SYSCALL" ,
> > __FILE__, __LINE__);
> > }
> > else if (eptr && *eptr) /* Some system error - check errno */
> > ERROR(errmsgs[SSL_13013], eptr, __FILE__, __LINE__);
> > else if (n == 0)
> > ERROR(errmsgs[SSL_13013], "SSL_ERROR_SYSCALL/EOF" ,
> > __FILE__, __LINE__); // XXXXXXX
> > else
> > ERROR(errmsgs[SSL_13013], "SSL_ERROR_SYSCALL/SOCKET" ,
> > __FILE__, __LINE__);
> > }
> > sslsock_shutdown(c);
> > return -1;
> > break;
> >
> > . . . // leaving out unrelated error handling
> >
> > }
> > }
> >
> > The error being logged is SSL_ERROR_SYSCALL/EOF - the section marked
> > with "XXXXXXX". Far as I can tell, this really shouldn't happen. There
> > appear to be no problems in the SSL_connect phase. This code snippet is
> > from the first read after the connection is established - the first
> > attempt to read the headers.
> >
> > My first assumption was that I must have mishandled the error condition
> > somehow. I reread the manpages for SSL_read() and SSL_get_error(), and
> > unless I'm interpreting these pages incorrectly, I have it right in the
> > code above.
> >
> > Also, I should note that regular browsers have no problem conecting to
> > the server, and my client app has no trouble connecting to other secure
> > servers. The problem has been occurring with my app linked to OpenSSL
> > 0.9.7a, but is easily reproduced with 0.9.7e.
> >
> > Here's the server string returned by the origin:
> > Server: IBM_HTTP_SERVER/1.3.19 Apache/1.3.20 (Unix)
> >
> > Anyone have any ideas how best to debug this?
>
> I guess there are no ideas out there. Not surprised. I've gone
> through the online docs, the Rescorla book, and the O'Reilly book. No
> idea, no mention of SSL_ERROR_SYSCALL, nothing. Nada.
>
> I guess my last option is to parse the code. Still not sure that'll
> tell me anything.
>
> Once again, any and all relevant suggestions and ideas are welcome.
>
Does the connection seem otherwise OK and you just get this error after all
data has been transferred?
Its possible that the system is being impolite and forcibly closing the
connection at the socket level.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
