>From: owner-openssl-us...@openssl.org On Behalf Of James Marshall >Sent: Thursday, 09 August, 2012 19:41
>I'm trying to write a secure embedded HTTP server using OpenSSL. >I'm using non-blocking I/O, and the main functions I'm using are >SSL_accept(), SSL_read(), SSL_write(), and SSL_shutdown(). >After each one, I want to handle all possible return codes, >but I can't find docs that describe the meaning of them all. >I've read many pages under http://www.openssl.org/docs/ssl/ >and reviewed s_server.c . http://www.openssl.org/docs/ssl/SSL_get_error.html# or [MANPATH=whatever] man SSL_get_error on Unix. >For example, SSL_accept() sometimes returns 0, with SSL_get_error() >returning SSL_ERROR_SYSCALL . No errors show up from ERR_get_error(). >How should I handle this? Merely trying the SSL_accept() again results >in a busy loop with the same results. Per the manpage that's improper EOF, i.e. socket closed by client before it should be. Once a socket is closed it remains closed, so any further attempt to use it gets the same error. >Here's the block of code in question, in Perl and using the Net::SSLeay >module (which is basically wrappers around OpenSSL functions <snip> >The zero+SSL_ERROR_SYSCALL busy-loop result comes when using >Chrome 19.0.1084.56, but not Firefox 13.0. When I kill the >server process, either browser immediately displays the resulting page >correctly. Does this behavior ring any bells? Do you know (or have any logs) what was done before the problem & kill? If the browser fetched the page (and didn't just take it from cache) that apparently completed before the problem occurred, so the problem must have been on some subsequent/additional request. Thoughts: - a frame/iframe, image, script, app, or stylesheet referenced by the page. Some of these would cause visible errors if they fail, others wouldn't. - a request issued by script or code in the page -- although I would expect that to occur only after initial rendering. But browsers are so 'clever' nowadays I find it impossible to reliably predict what they'll do. Or meta refresh in the page, similarly. - some 'extra' info, like -- maybe even the same as -- IE's seeming compulsion to fetch favicon.ico even when there's no need for it. >This is all on Linux 3.1.10 (openSUSE). SSL_read(), SSL_write(), >and SSL_shutdown() are each handled with a similar block. >That's one of several questions I have. A more general question is: >Where can I find descriptions of all return codes when using >non-blocking I/O? See above. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
