ssl_connect timer???


seema.jagatap




Hi

For the scenario where the Proxy server is establishing a TLS connection
with a UA using SSL_connect and due to some reason if
SSL_get_error returns SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE. For non
blocking BIOs I believe the operation of
SSL_connect with endpoint will still be going on in this case (correct me
if I am wrong). Then how long should this operation (retrying for SSL_connect)
go on? Does SSL_connect have any kind of internal timer wherein it
will retry connecting (SSL_connect) till timeout and after that SSL_connect
returns failure?

Please provide some inputs.

thanks and regards
Seema


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
RE: ssl_connect timer???

Mark-62
Hi,

> with a UA using SSL_connect and due to some reason if
> SSL_get_error returns
> SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE. For non
> blocking BIOs I believe the operation of
> SSL_connect with endpoint will still be going on in this case

Try using SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);

Mark.
RE: ssl_connect timer???

seema.jagatap




Hi Mark,

Thanks for the response. I will try to explain my scenario a little
further.

My application does an ssl_connect. But the server application is buggy,
because of which the ssl_connect does not succeed, but returns
SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE error, which my application
interprets as an "inprogress" connection attempt.
However, the ssl_connect call does not seem to return at all even after a
long time. Thus, resources in my application which are associated with this
"inprogress" connection, remain indefinitely hanging.

Thus, there seems to be a need for ssl_connect to timeout, in order to
protect against such buggy servers. My query was:

1) Does ssl_connect have such an internal timeout mechanism after which the
OpenSSL will give up on the connection attempt and return failure for the
ssl_connect call?
            OR
2) Does a client application have to implement such a timer in its own
scope?

Any pointers on the same will be appreciated.

thanks and regards
Seema

RE: ssl_connect timer???

Mark-62
In reply to this post by seema.jagatap
Hi Seema,

> Thus, there seems to be a need for ssl_connect to timeout, in order to
> protect against such buggy servers. My query was:
>
> 1) Does ssl_connect have such an internal timeout mechanism
> after which the
> OpenSSL will give up on the connection attempt and return
> failure for the ssl_connect call?
>             OR
> 2) Does a client application have to implement such a timer in its own
> scope?

I'm not an expert at SSL but the only way I could see to do this is by
using non blocking I/O.  This will make SSL_connect() return with
SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.  You can then use select()
to implement your timeout.

I think therefore that option (2) is the answer.

Hope this helps,
   Mark.
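
The select()-based timeout described in this reply, as an added example that is not part of the original thread or of OpenSSL: one overall deadline wraps every retry of a non-blocking handshake step. The names `hs_step`, `handshake_with_deadline`, `fake_step` and `demo` are hypothetical; the OpenSSL calls appear only in a comment so the block builds without libssl, and the stalled peer is constructed with a socketpair.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

enum hs { HS_DONE, HS_WANT_READ, HS_WANT_WRITE, HS_FAIL, HS_TIMEOUT };
typedef enum hs (*hs_step)(void *state);  /* one non-blocking handshake attempt */
/* With OpenSSL: r = SSL_connect(ssl); r == 1 -> HS_DONE; else SSL_get_error(ssl, r):
 * SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE -> HS_WANT_*, anything else -> HS_FAIL. */

static long now_ms(void) {  /* monotonic, so wall-clock changes do not matter */
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* Retry step() until it finishes, fails, or timeout_ms has elapsed in total.
 * One deadline spans all retries, so repeated wakeups cannot restart the clock. */
enum hs handshake_with_deadline(hs_step step, void *state, int fd, long timeout_ms) {
    long deadline = now_ms() + timeout_ms;
    for (;;) {
        enum hs r = step(state);
        if (r != HS_WANT_READ && r != HS_WANT_WRITE) return r;
        long left = deadline - now_ms();
        if (left <= 0) return HS_TIMEOUT;
        fd_set fds; FD_ZERO(&fds); FD_SET(fd, &fds);
        struct timeval tv = { left / 1000, (left % 1000) * 1000 };
        int n = select(fd + 1, r == HS_WANT_READ ? &fds : NULL,
                       r == HS_WANT_WRITE ? &fds : NULL, NULL, &tv);
        if (n == 0) return HS_TIMEOUT;              /* peer stayed silent */
        if (n < 0 && errno != EINTR) return HS_FAIL;
    }
}

/* Constructed peer: NULL stalls forever; else *state = writable retries left. */
static enum hs fake_step(void *state) {
    int *rounds = state;
    return !rounds ? HS_WANT_READ : (*rounds)-- > 0 ? HS_WANT_WRITE : HS_DONE;
}

enum hs demo(int rounds, long timeout_ms) {  /* rounds < 0: stalled peer */
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return HS_FAIL;
    enum hs r = handshake_with_deadline(fake_step, rounds < 0 ? NULL : &rounds, sv[0], timeout_ms);
    close(sv[0]); close(sv[1]);
    return r;
}
int main(void) { return demo(-1, 200) == HS_TIMEOUT ? 0 : 1; }
```

On `HS_TIMEOUT` or `HS_FAIL` the caller frees the connection's resources (with OpenSSL, `SSL_free()` and closing the socket), which is what keeps a stalled server from pinning them indefinitely.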

