SSL_shutdown return error when close in init state(openssl 1.1.0)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

SSL_shutdown return error when close in init state(openssl 1.1.0)

limingllmm
Hello
 I'm using open1.1.0e in async mode with intel QuickAssist Engine to handle https connections, but there's some problem.
I use  apache benchmark tool to test thehttps connections,  the description is as follow:

 client(ab)-------------------------- server(my program)

<---------TCP handshake---------------->
-------------ssl client hello--------------->
<---------server hello,certicate...---------
-----------client key exchange....-------->
//here, server's SSL_do_handshake reutrns SSL_ERROR_WANT_ASYNC repeatly,

-----------FIN+ACK---------------------->

//client want to close the connection, then, server should close ssl connection ,In program, I intend to close SSL connections in quiet mode:
SSL_set_quiet_shutdown(ssl,1);
SSL_shutdown(ssl);

but SSL_shutdown returns SSL_ERROR_SSL, because SSL_in_init(s) return true.
int SSL_shutdown(SSL *s)
{
    /*
     * Note that this function behaves differently from what one might
     * expect.  Return values are 0 for no success (yet), 1 for success; but
     * calling it once is usually not enough, even if blocking I/O is used
     * (see ssl3_shutdown).
     */

    if (s->handshake_func == NULL) {
        SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
        return -1;
    }

    if (!SSL_in_init(s)) {
        if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
            struct ssl_async_args args;

            args.s = s;
            args.type = OTHERFUNC;
            args.f.func_other = s->method->ssl_shutdown;

            return ssl_start_async_job(s, &args, ssl_io_intern);
        } else {
            return s->method->ssl_shutdown(s);
        }
    } else {
        SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT);
        return -1;
    }
}

I'm confused, what should I do here ???
(1) just call SSL_free(ssl) to free SSL connection, then the async engine may callback and using SSL's waitctx, which cause crash.  Also I noticed that SSL's job doesn't free neither, which may cause memory leak;

(2)continue call SSL_shutdown(ssl),  and it will always return SSL_ERROR_SSL

Is anybody know? thanks  


 



 


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users