why bad certificate?

2007-09-29 Thread wang9736
I used printf to output some debug information on the server; the error is below:
accepting local ip:(null) tcp port:1081
accept return 6
SSL_set_fd(ssl, new_normal_tcp_fd);success
SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); passed
SSL_accept failed return 0
253:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3

make SSL_shutdown work with non-blocking BIOs

2007-09-29 Thread Davide Libenzi
Would it be possible to make SSL_shutdown() on non-blocking BIOs conform to the documentation and align with SSL_read, SSL_write, ...? http://www.openssl.org/docs/ssl/SSL_shutdown.html I cooked a tentative patch below that seems to be working here. It definitely needs a double check from someone

cost of memory allocation in ssl3_accept()

2007-09-29 Thread Thor Lancelot Simon
In s3_srvr.c, in ssl3_accept, one finds a BUF_MEM_new() followed by a BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH). This allocates a 16K buffer per SSL session for use during the handshake. When the handshake is complete, BUF_MEM_free() zeroizes this buffer. As it turns out, this 16K memset() is

Re: make SSL_shutdown work with non-blocking BIOs

2007-09-29 Thread Thor Lancelot Simon
On Sat, Sep 29, 2007 at 01:19:38PM -0700, Davide Libenzi wrote: But that code *never* returns WANT_READ/WANT_WRITE. Non blocking sockets always get SSL_ERROR_SYSCALL. Well, unless the case where they both succeed immediately - but that's like blocking behaviour. Yes, I'm well aware of

Re: make SSL_shutdown work with non-blocking BIOs

2007-09-29 Thread Davide Libenzi
On Sat, 29 Sep 2007, Thor Lancelot Simon wrote: As far as changes to the existing behaviour, blocking BIOs will never get the new error code (0). And no one could have used the non-blocking BIOs in a sane way, with the current behavior (lack of proper WANT_READ/WANT_WRITE). I'm sorry,

Re: make SSL_shutdown work with non-blocking BIOs

2007-09-29 Thread Thor Lancelot Simon
On Sat, Sep 29, 2007 at 03:11:18PM -0700, Davide Libenzi wrote: Heh? Wait for readwrite? Consider such code: for (;;) { err = SSL_shutdown(); code = SSL_get_error(ssl, err); if (code == SSL_ERROR_SYSCALL) {

RE: make SSL_shutdown work with non-blocking BIOs

2007-09-29 Thread David Schwartz
Thor Simon wrote: On Sat, Sep 29, 2007 at 03:11:18PM -0700, Davide Libenzi wrote: Heh? Wait for readwrite? Consider such code: for (;;) { err = SSL_shutdown(); code = SSL_get_error(ssl, err); if (code == SSL_ERROR_SYSCALL) {

Re: make SSL_shutdown work with non-blocking BIOs

2007-09-29 Thread Davide Libenzi
On Sat, 29 Sep 2007, Thor Lancelot Simon wrote: On Sat, Sep 29, 2007 at 03:11:18PM -0700, Davide Libenzi wrote: Heh? Wait for readwrite? Consider such code: for (;;) { err = SSL_shutdown(); code = SSL_get_error(ssl, err); if (code ==

Re: make SSL_shutdown work with non-blocking BIOs

2007-09-29 Thread Thor Lancelot Simon
On Sat, Sep 29, 2007 at 03:35:29PM -0700, Davide Libenzi wrote: I seriously doubt ppl are using SSL_shutdown() with non-blocking BIOs, together with the current API semantics. Seriously. Well, how do you suppose they're terminating their SSL sessions? If you look at the archive of this

Re: make SSL_shutdown work with non-blocking BIOs

2007-09-29 Thread Davide Libenzi
On Sat, 29 Sep 2007, Thor Lancelot Simon wrote: On Sat, Sep 29, 2007 at 03:35:29PM -0700, Davide Libenzi wrote: I seriously doubt ppl are using SSL_shutdown() with non-blocking BIOs, together with the current API semantics. Seriously. Well, how do you suppose they're terminating their

Re: make SSL_shutdown work with non-blocking BIOs

2007-09-29 Thread Richard Salz
I seriously doubt ppl are using SSL_shutdown() with non-blocking BIOs, together with the current API semantics. Seriously. Are you new here? This library has been around for more than a decade. There are *lots* of people using the current API with non-blocking. Seriously. double/triple

Re: make SSL_shutdown work with non-blocking BIOs

2007-09-29 Thread Davide Libenzi
On Sat, 29 Sep 2007, Richard Salz wrote: I seriously doubt ppl are using SSL_shutdown() with non-blocking BIOs, together with the current API semantics. Seriously. Are you new here? This library has been around for more than a decade. There are *lots* of people using the current API

Re: make SSL_shutdown work with non-blocking BIOs

2007-09-29 Thread Richard Salz
Define elegantly. The current API works. Better is not a reason to change it. /r$ -- STSM, DataPower Chief Programmer Websphere DataPower SOA Appliances http://www.ibm.com/software/integration/datapower/