Hi,
my program is an SSL client which is reading large amounts of data
without sending data itself (after the initial handshake).
My machine's connection does drop regularly, and I want to make sure
that my program detects the dropped connection instead of hanging in
read()/recv() forever.

My question is:
what is the *right* way to use SSL_read() so that a dropped connection
will be detected reliably?

I'm using a blocking socket that is passed to OpenSSL using the
SSL_set_fd() function (i.e. the BIO will be created automatically).

My first attempt was using setsockopt() to set a read timeout
(SO_RCVTIMEO). This does *not* help, because BIO_sock_non_fatal_error()
considers EAGAIN/EWOULDBLOCK non-fatal even for blocking fds
and just keeps going on.

Another attempt was to use select() to check if the socket is readable
just before calling SSL_read(), like so:

error = SSL_ERROR_NONE;

do {
    /* wait on the socket only if the previous SSL_read() wanted more input */
    if (error == SSL_ERROR_WANT_READ && !select (...))
    {
      /* timeout, bail */
      exit (1);
    }

    nread = SSL_read (...);
    error = SSL_get_error (ssl, nread);
} while (error == SSL_ERROR_WANT_READ || error == SSL_ERROR_WANT_WRITE);

Without the SO_RCVTIMEO, this doesn't work either, probably because
I'm only using select() if SSL_read() failed with SSL_ERROR_WANT_READ
before.

Am I supposed to unconditionally select() for readability before calling
SSL_read()? I think this might cause trouble if there is still
application data available to be read...
Am I supposed to use SSL_pending() to try to figure out if we need to
be able to read from the socket?

In combination with the socket timeout (SO_RCVTIMEO), the code above
does work, but it doesn't feel right.

I'm also wondering if BIO_sock_non_fatal_error() needs to be fixed to
treat EAGAIN and EWOULDBLOCK as fatal _iff_ the socket is blocking --
since that means that we hit a timeout.

I know I can work around this issue by manually checking errno for
EAGAIN/EWOULDBLOCK in case SSL_get_error() returns SSL_ERROR_WANT_READ,
but that seems the least solid solution.

Can anyone shed some light on this issue?
What am I missing?

Please CC me in your replies; I'm not subscribed to the list.

Thanks,
Tilman

-- 
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
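
The errno check the post mentions as a workaround, shown at the plain socket level as an added example (not code from the original message or from OpenSSL). The names `classify_recv` and `demo_idle_read` are hypothetical, and an idle, constructed socketpair stands in for a peer that has silently gone away.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

enum rd_status { RD_DATA, RD_EOF, RD_WOULD_BLOCK, RD_TIMEOUT, RD_ERROR };

/* Classify one recv() result. EAGAIN/EWOULDBLOCK means "retry later" on a
 * non-blocking fd; on a blocking fd with SO_RCVTIMEO set it means the
 * receive timeout expired, so the caller should stop retrying. */
static enum rd_status classify_recv(int fd, ssize_t n, int err)
{
    if (n > 0)  return RD_DATA;
    if (n == 0) return RD_EOF;          /* orderly shutdown by the peer */
    if (err == EAGAIN || err == EWOULDBLOCK) {
        int fl = fcntl(fd, F_GETFL);
        if (fl == -1) return RD_ERROR;
        return (fl & O_NONBLOCK) ? RD_WOULD_BLOCK : RD_TIMEOUT;
    }
    return RD_ERROR;
}

/* Constructed demo: read from one end of a socketpair that never gets data.
 * nonblocking=0 uses a blocking fd with SO_RCVTIMEO of timeout_ms. */
static enum rd_status demo_idle_read(int nonblocking, int timeout_ms)
{
    int sv[2];
    char buf[16];
    struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return RD_ERROR;
    if (nonblocking)
        fcntl(sv[0], F_SETFL, fcntl(sv[0], F_GETFL) | O_NONBLOCK);
    else
        setsockopt(sv[0], SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);

    ssize_t n = recv(sv[0], buf, sizeof buf, 0);
    enum rd_status st = classify_recv(sv[0], n, errno);
    close(sv[0]);
    close(sv[1]);
    return st;
}

int main(void)
{
    printf("blocking + SO_RCVTIMEO: %d\n", demo_idle_read(0, 200));
    printf("non-blocking:           %d\n", demo_idle_read(1, 0));
    return 0;
}
```

Both cases fail with the same errno; only the fd's O_NONBLOCK flag tells the expired timeout apart from an ordinary would-block.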
