Newbie SSL_write question

Newbie SSL_write question

Michael-36
Hi,

I have a 'problem' that has been reported before, namely that only the
first 32k of my messages are being sent/read by my openSSL
client/server.

The original post is here:
http://marc.theaimsgroup.com/?l=openssl-users&m=101180918225646&w=2.

The solution given was to read the man pages for SSL_read & SSL_write,
but -- probably because I'm not as experienced as others -- I am still
stumped.

My code uses blocking sockets, has the SSL_CTX
SSL_MODE_ENABLE_PARTIAL_WRITE option set and loops on the ssl_read but
the socket is closed after the first 32k is sent.

Why, if a message block size is 16k, does the first 32k of a message
get written/read, then the socket dropped?

I'm hoping someone with some patience can help me here...

Thanks in advance, I'm sorry if this is a trivial question for some,
but I'm still learning how OpenSSL works...

Michael.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

RE: Newbie SSL_write question

JoelKatz

> I have a 'problem' that has been reported before, namely that only the
> first 32k of my messages are being sent/read by my openSSL
> client/server.
>
> The original post is here:
> http://marc.theaimsgroup.com/?l=openssl-users&m=101180918225646&w=2.
>
> The solution given was to read the man pages for SSL_read & SSL_write,
> but -- probably because I'm not as experienced as others -- I am still
> stumped.
>
> My code uses blocking sockets, has the SSL_CTX
> SSL_MODE_ENABLE_PARTIAL_WRITE option set and loops on the ssl_read but
> the socket is closed after the first 32k is sent.
>
> Why, if a message block size is 16k, does the first 32k of a message
> get written/read, then the socket dropped?
>
> I'm hoping someone with some patience can help me here...
>
> Thanks in advance, I'm sorry if this is a trivial question for some,
> but I'm still learning how OpenSSL works...

        Give us example code or more detailed information about what you mean by
"the socket dropped" and how you determined that.

        My bet is simply that there's a bug in your code. With non-blocking
sockets, you have to test the return value of SSL_read and properly handle
partial or failed sends. You may get a failed send if there was insufficient
space to fit a single block of protocol data (or if protocol data was sent
that corresponds to zero bytes of application data!). You may get a partial
send.

        DS



Re: Newbie SSL_write question

Michael-36
On 8/11/05, David Schwartz <[hidden email]> wrote:

<snip>

> > My code uses blocking sockets, has the SSL_CTX
> > SSL_MODE_ENABLE_PARTIAL_WRITE option set and loops on the ssl_read but
> > the socket is closed after the first 32k is sent.
> >
> > Why, if a message block size is 16k, does the first 32k of a message
> > get written/read, then the socket dropped?

<snip>

>         Give us example code or more detailed information about what you mean by
> "the socket dropped" and how you determined that.
>         My bet is simply that there's a bug in your code. With non-blocking
> sockets, you have to test the return value of SSL_read and properly handle
> partial or failed sends. You may get a failed send if there was insufficient
> space to fit a single block of protocol data (or if protocol data was sent
> that corresponds to zero bytes of application data!). You may get a partial
> send.

Thanks for your reply David - I think you're probably right about my code! ;-)

Upon your suggestion I added some more cases to test the return code
of ssl_write and found that I am getting a SSL_ERROR_SYSCALL after the
first 32 bytes.

Here is the code. As mentioned before, I have the SSL_CTX set with
partial writes enabled, the main write loop is as follows (for
clarity, I've removed all the tests of ssl_write other than those that
get called).

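--start------------
#include <stdbool.h>
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/ssl.h>

#define BUFF_SIZE 256 /* placeholder value; the real one is not shown in the post */

/* Write bytes_to_send bytes from out_buf to p_ssl; returns false on error. */
bool write_all(SSL *p_ssl, const char *out_buf, int bytes_to_send)
{
    char error_str[BUFF_SIZE];
    int sent_bytes = 0;
    int offset = 0;

    fprintf(stderr, "- Attempting to write %d bytes\n", bytes_to_send);

    while (bytes_to_send > 0) {
        /* With SSL_MODE_ENABLE_PARTIAL_WRITE this may accept fewer bytes than requested. */
        sent_bytes = SSL_write(p_ssl, out_buf + offset, bytes_to_send);

        switch (SSL_get_error(p_ssl, sent_bytes)) {
        case SSL_ERROR_NONE:
            bytes_to_send -= sent_bytes;
            offset += sent_bytes;
            fprintf(stderr, "- Written %d bytes\n", sent_bytes);
            break;
        case SSL_ERROR_SYSCALL:
            /* Format the oldest queued OpenSSL error (code 0 if the queue is empty). */
            ERR_error_string_n(ERR_get_error(), error_str, sizeof(error_str));
            fprintf(stderr, "- SSL_ERROR_SYSCALL: %s\n", error_str);
            return false; // exit routine
        default:
            fprintf(stderr, "- SSL_write reports %d\n", sent_bytes);
            return false; // exit routine
        }
    }
    return true;
}
--end--------------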

When I try and write more than 32k I get the following messages...

- Attempting to write 59266 bytes
- Written 16384 bytes
- Written 16384 bytes
- SSL_ERROR_SYSCALL: error:00000000:lib(0):func(0):reason(0)

I have SSL_load_error_strings() earlier in my code, but don't get any
more information than this.

I'm still at a loss as to what's happening here, but many thanks for
your help in getting this far.

Michael.

RE: Newbie SSL_write question

JoelKatz

> When I try and write more than 32k I get the following messages...
>
> - Attempting to write 59266 bytes
> - Written 16384 bytes
> - Written 16384 bytes
> - SSL_ERROR_SYSCALL: error:00000000:lib(0):func(0):reason(0)
>
> I have SSL_load_error_strings() earlier in my code, but don't get any
> more information than this.
>
> I'm still at a loss as to what's happening here, but many thanks for
> your help in getting this far.

        Follow up to see what the error was. (Check 'errno' on UNIX, check
WSAGetLastError on Windows.)

        DS



Re: Newbie SSL_write question

Jagannadha Bhattu
Call ERR_clear_error() before the while loop and call
ERR_get_error_line_data in a loop till it returns 0 inside the
SSL_ERROR_SYSCALL case. This may give you some idea on what went
wrong.

JB


Re: Newbie SSL_write question

Michael-36
Thanks to Jagannadha and David for their replies and help with this.

I delved into the server-side of the code yesterday and found the
fault (luckily it's someone else's!).

Basically the server wasn't using select and fd_set/fd_isset
correctly, and was terminating the socket after 32k of received data.

Still, I've learnt a lot from David and Jagannadha, thanks again for
taking the time to reply to my post.

Michael.
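
The thread does not show the server code or say which select()/FD_ISSET mistake it contained. As an added example (not code from the thread), this plain-socket receive loop uses them correctly and reads a 59266-byte message, sent in 16384-byte writes, through to EOF; `recv_until_eof` and `demo_transfer` are hypothetical names and the traffic is constructed.

```c
#include <errno.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Read fd until the peer closes it; returns bytes received, or -1 on error. */
long recv_until_eof(int fd)
{
    char buf[4096];
    long total = 0;
    if (fd < 0 || fd >= FD_SETSIZE) return -1;  /* FD_SET beyond FD_SETSIZE is undefined */
    for (;;) {
        fd_set rfds;
        struct timeval tv = { 5, 0 };       /* select() may modify it: reset each pass */
        FD_ZERO(&rfds);                     /* select() rewrites the set: rebuild it */
        FD_SET(fd, &rfds);
        int n = select(fd + 1, &rfds, NULL, NULL, &tv);  /* nfds = highest fd + 1 */
        if (n < 0) { if (errno == EINTR) continue; return -1; }  /* signal: retry */
        if (n == 0 || !FD_ISSET(fd, &rfds)) continue;    /* idle does not mean closed */
        ssize_t r = read(fd, buf, sizeof(buf));
        if (r < 0) { if (errno == EINTR || errno == EAGAIN) continue; return -1; }
        if (r == 0) return total;           /* only a zero-length read means EOF */
        total += r;
    }
}

/* Constructed traffic: a child process sends len bytes in 16384-byte writes. */
long demo_transfer(long len)
{
    int sv[2]; pid_t pid;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0 || (pid = fork()) < 0) return -1;
    if (pid == 0) {
        char chunk[16384] = { 'x' };
        close(sv[0]);
        for (long left = len; left > 0; ) {
            ssize_t w = write(sv[1], chunk, left < 16384 ? (size_t)left : sizeof(chunk));
            if (w <= 0) _exit(1);
            left -= w;
        }
        _exit(0);                           /* exiting closes sv[1]: the reader sees EOF */
    }
    close(sv[1]);
    long got = recv_until_eof(sv[0]);
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return got;
}
```

On a TLS server the loop calls SSL_read instead of read, and has to keep calling it while SSL_pending() is non-zero before returning to select(), because a decrypted 16k record can be held inside the SSL object with nothing left on the socket.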
