SSL_read returns SSL_ERROR_WANT_READ

SSL_read returns SSL_ERROR_WANT_READ

Carla Strembicke-2
Hi,
I need help deciphering why I am getting this error.
Below is the scenario, which is not a common implementation (well, not that I have been able to find on the net).

What I am doing is using BIO memory buffers (BIO_s_mem()) at an embedded level away from the connection (currently tcpip).
So there are no sockets tied to the ssl.

As well, I am only utilizing encryption, with only providing the client side with the CA certificate, and the server has a server certificate.
On load everything appears to load correctly (certificates).

As well, I have set the verify context to SSL_VERIFY_NONE.

The server starts and loads its server certificate and private key successfully.
The client starts and loads the CA certificate successfully.

The following code illustrates the ssl setup:

#include <stdexcept>
#include <openssl/ssl.h>
#include <openssl/bio.h>

// _ssl, _in and _out are declared elsewhere in the poster's code.
void setup_function(connection &self, context *c)
{
    SSL_load_error_strings();
    SSL_library_init();

    _ssl = SSL_new(c->_impl->_ctx);
    if (_ssl == 0)
        throw std::logic_error("unable to create osa::ssl::connection");

    // our io mechanism is through memory buffers
    _in  = BIO_new(BIO_s_mem());   // read BIO: ciphertext from the peer goes in here
    _out = BIO_new(BIO_s_mem());   // write BIO: ciphertext for the peer comes out here

    SSL_set_bio(_ssl, _in, _out);

    // TODO: this is either accept or connect based upon the role
    // from the context
    if (c->get_role() == ssl::role_server)
    {
        SSL_set_accept_state(_ssl);
    }
    else
    {
        SSL_set_connect_state(_ssl);
    }
}

 
 
The next thing that I do is start sending data from the client. First a connection has been established at the tcpip but ssl is unaware of this connection because this layer again is embedded. On the client side raw data is written to the ssl structure using SSL_write(). Of course I receive an SSL_ERROR_WANT_READ, but that is because I have to read it out of memory using BIO_read() and this reads the data into a buffer that is sent on the tcpip communication line.

This actually seems to work, and the data is encrypted and looks ok (I think).

The server is where I have problems.

The server receives the encrypted data and sends to the lower level and where it is pumped into the SSL structure (which is using these memory buffers) using the BIO_write call (I actually see that bytes are written into it) and the buffer looks good. I then go and do an SSL_read() and I get nothing except SSL_ERROR_WANT_READ. I do see that a session has been established and that the packet member actually contains the data I want access to....but the member state=8576 and rstate=240.

What am I missing????
Is it something to do with the handshake that I am missing or the reading of the data.

I have been working on this for a while and am at a stalemate......please help!!!

Re: SSL_read returns SSL_ERROR_WANT_READ

JoelKatz
On 7/11/2011 3:18 PM, Carla Strembicke wrote:

> The server receives the encrypted data and sends to the lower level
> and where it is pumped into the SSL structure (which is using these
> memory buffers) using the BIO_write call (I actually see that bytes are
> written into it) and the buffer looks good. I then go and do an
> SSL_read() and I get nothing except SSL_ERROR_WANT_READ. I do see that a
> session has been established and that the packet member actually
> contains the data I want access to....but the member state=8576 and
> rstate=240.
> What am I missing????

Nothing that seems normal.

> Is it something to do with the handshake that I am missing or the reading
> of the data.
> I have been working on this for a while and am at a
> stalemate......please help!!!

What's the problem exactly? If you get SSL_ERROR_WANT_READ it means that
there is no application data yet. The data you passed was likely
negotiation data.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: SSL_read returns SSL_ERROR_WANT_READ

Wim Lewis-3
In reply to this post by Carla Strembicke-2

On 11 Jul 2011, at 3:18 PM, Carla Strembicke wrote:
> The server receives the encrypted data and sends to the lower level and where it is pumped into the SSL structure (which is using these memory buffers) using the BIO_write call (I actually see that bytes are written into it) and the buffer looks good. I then go and do an SSL_read() and I get nothing except SSL_ERROR_WANT_READ. I do see that a session has been established and that the packet member actually contains the data I want access to....but the member state=8576 and rstate=240.
>
> What am I missing????
> Is it something to do with the handshake that I am missing or the reading of the data.

During the initial handshake (and a few other times) the two ends of the connection will need to send several messages back and forth before any cleartext data appears. Is it possible that the client or server has written a message to the buffer, and is returning SSL_WANT_READ because it is waiting for a response from the other side? Are you checking for data written to your _out BIO and copying it to the socket even when you are reading? See:
   http://www.openssl.org/support/faq.html#PROG10

If you look in ssl.h/ssl2.h/ssl3.h you can decode the state values (or use SSL_state_string_long()) to describe the connection's current state:
   8576 = 0x2180 = SSL_ST_ACCEPT|SSL3_ST_SR_CERT_A

which is part of the connection setup still, I think.
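
The situation Wim Lewis asks about, reproduced as an added example that is not part of the thread. It uses Python's ssl module, whose MemoryBIO and SSLObject wrap OpenSSL's memory BIOs and SSL object; the anonymous cipher suite, MESSAGE and the function names are assumptions made so that it runs without certificate files.

```python
import ssl

MESSAGE = b"hello over memory BIOs"  # constructed sample payload

def make_endpoint(server_side):
    """Return (SSLObject, incoming BIO, outgoing BIO); no socket is attached."""
    proto = ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(proto)
    if not server_side:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE      # the thread's SSL_VERIFY_NONE
    # Assumption for this demo only: an anonymous (unauthenticated) TLS 1.2
    # suite, so the example runs without certificate files.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("AECDH-AES128-SHA:@SECLEVEL=0")
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    return ctx.wrap_bio(incoming, outgoing, server_side=server_side), incoming, outgoing

def shuttle(src_out, dst_in):
    """Stand-in for the TCP link: move pending TLS records to the peer."""
    data = src_out.read()
    if data:
        dst_in.write(data)

def exchange(forward_server_output, rounds=6):
    """Return (plaintext read by server, bytes stuck in server's out BIO, log)."""
    client, c_in, c_out = make_endpoint(False)
    server, s_in, s_out = make_endpoint(True)
    sent, received, log = False, b"", []
    for _ in range(rounds):
        if not sent:
            try:
                client.write(MESSAGE)        # drives the client handshake too
                sent = True
            except ssl.SSLWantReadError:
                log.append("client WANT_READ")
        shuttle(c_out, s_in)
        try:
            received = server.read(4096)     # drives the server handshake too
        except ssl.SSLWantReadError:
            log.append("server WANT_READ")   # a handshake reply may be queued
        if forward_server_output:
            shuttle(s_out, c_in)             # the step Wim Lewis asks about
        if received:
            break
    return received, s_out.pending, log

if __name__ == "__main__":
    print(exchange(forward_server_output=True))
    print(exchange(forward_server_output=False))
```

With forward_server_output=False the server's read keeps reporting WANT_READ while its handshake reply sits unsent in the outgoing BIO, which is the symptom described in the first post.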


