Hi Angus,

I only mentioned the renegotiation because I found references to that when trying to solve this problem; I'm not sure if this is actually what causes it. I'm not initiating any renegotiation myself, nor have I seen anything about that in the logs.

Meanwhile, I haven't been able to solve this yet. However, I did find that the problem can be quite easily reproduced using the OverbyteIcsSimpleSslCli and OverbyteIcsSimpleSslServer demo projects, and their certificates, provided in the ICS download. I've made some small changes to both projects to get the request / reply game running; besides this, the client has a timer on which it sends 'spontaneous' data (that means not initiated by the request / reply mechanics).

The more I dig into this, the more it seems that it's either a bug in OpenSSL, or a bug in the ICS implementation / ICS does something which is not allowed by OpenSSL. I really can't imagine it's a bug in OpenSSL, so it's pointing mainly towards user error or problems in ICS itself. I'm really hoping I'm doing something terribly wrong, but at the moment it looks like using ICS with OpenSSL for a connection where spontaneous data is being sent will not give a stable result :(

I've uploaded the altered ICS demo projects here: http://www.xs4all.nl/~bosma/OverbyteIcsSimple.zip

I really hope someone can take a look at this, maybe confirm if the problem is reproducible and see if I'm doing something wrong or this is indeed a problem inside ICS / OpenSSL.

To reproduce with these test projects do as follows:

- start server app
- press 'start' button on server app
- start client app
- press 'connect' button on client app
- as soon as the SSL authentication is done, you will see the client sending frequent keep alives and the server receiving them (each 500 ms)
- press the 'start' button on the client, this will make the client send a request, and the server send 9000 bytes of data back
- after a short while, you will see the server stops receiving data, the request / reply routine stops working (the server doesn't receive the requests anymore), you will see the client still sending keep alives, but the server does not receive them anymore.
- in this situation, the server will never receive data on that socket anymore.

Hoping for a push in the right direction.

thanks in advance,

Merijn



On 25/11/2015 17:56, Angus Robertson - Magenta Systems Ltd wrote:
In short, it seems that OpenSSL can get confused when application
data is sent while it is doing renegotiation itself, if I
understood correctly.
Could this be the problem we are experiencing, or does the ICS
implementation around OpenSSL take this into account?

Why would your application be doing renegotiation?  Did you see any of that in the logs?

As far as I'm aware, the ICS OpenSSL implementation is full duplex, as is TCP/IP.
But most protocols are essentially half duplex, unless streaming lining is used.

But I did not write the ICS OpenSSL implementation, and try to avoid the deep
complexities of it, except for the parts I keep updating to improve it.

Angus

