SSL_read() = -1 and SSL_ERROR_SYSCALL, with mem BIO's

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
Report Content as Inappropriate

SSL_read() = -1 and SSL_ERROR_SYSCALL, with mem BIO's

Ian Gilmour

I'm using a 3rd party library that maintains a TLS connection to a
server using mem BIO's and in which, usually under load, SSL_read()
occasionally returns -1, the SSL_get_error() returns SSL_ERROR_SYSCALL
and ERR_get_error() returns 0 (errno is 0). Under these conditions the
original code closes the existing connection and a few seconds later
reopens a new connection to the server.

I'd like to try and avoid these short offline periods if possible. When
the system is under load I'm seeing this error occur every few minutes.

As a test I modified the code to not close the connection on this
specific error condition.

With this mod in place and the system under load, the connection appears
to stay up for hours rather than minutes, with no adverse affects that I
can see.

But is it valid to do this? Or is the fact that I'm seeing this error so
frequently an indication of a problem elsewhere in the code?

Thanks in advance,

Ian G

openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users