timeout vs. SSL_ERROR_WANT_XXXX

timeout vs. SSL_ERROR_WANT_XXXX

opt
Hi everyone

I want to use timeout with select and I wonder how to "cancel" operation
(SSL_read or SSL_write non-blocking) that caused SSL_ERROR_WANT_READ (or
*_WRITE). I've got messages queue to send (and one for received too). If
I cannot send whole particular msg within some time (5 sec) I want to
discard this message and start sending another one. The problem is, when
not fully transmitted (received) msg "locks" in state where I receive
SSL_ERROR_WANT_XXX. From docs etc. I know, that when I've got
SSL_ERROR_WANT_* I have to retry operation which caused this "error" but
it requires more time, which I haven't got because I want to send another
message! I can always close connection and open it again, but it is
ugly solution. Is there any way, to do it in more "polite" way?

--
Mariusz Kedzierawski
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
RE: timeout vs. SSL_ERROR_WANT_XXXX

JoelKatz

> I want to use timeout with select and I wonder how to "cancel" operation
> (SSL_read or SSL_write non-blocking) that caused SSL_ERROR_WANT_READ (or
> *_WRITE). I've got messages queue to send (and one for received too). If
> I cannot send whole particular msg within some time (5 sec) I want to
> discard this message and start sending another one.

        That is just not possible. Byte streams don't work that way.

> The problem is, when
> not fully transmitted (received) msg "locks" in state where I receive
> SSL_ERROR_WANT_XXX. From docs etc. I know, that when I've got
> SSL_ERROR_WANT_* I have to retry operation which caused this "error" but
> it requires more time, which I haven't got because I want to send another
> message! I can always close connection and open it again, but it is
> ugly solution. Is there any way, to do it in more "polite" way?

        No. Rethink whatever it is about your design that imposed this bizarre
requirement. Byte streams do not support "all or nothing" operations.

        DS

Re: timeout vs. SSL_ERROR_WANT_XXXX

Lokesh Kumar
In reply to this post by opt
Hi,

You may want to consider using SSL_CTX_set_mode(...)
with SSL_MODE_AUTO_RETRY flag such that you wouldn't receive
SSL_ERROR_WANT_XXX messages.

Normally those messages come when the other side requests for re-negotiation.

-Lokesh.


Re: timeout vs. SSL_ERROR_WANT_XXXX

Gayathri Sundar-2
In reply to this post by opt
Hi,

What I think is as it's the application's responsibility to retry
the "same" openssl operation whenever it receives a WANT_READ or
WANT_WRITE, why can't we simply overwrite the buffer that is passed
to say SSL_write with the next payload that needs to be sent when we hit
that error code, in this way we can automatically drop the earlier
payload that was attempted.
Hope this is correct.

Thanks
--Gayathri

RE: timeout vs. SSL_ERROR_WANT_XXXX

JoelKatz

> What I think is as it's the application's responsibility to retry
> the "same" openssl operation whenever it receives a WANT_READ or
> WANT_WRITE, why can't we simply overwrite the buffer that is passed
> to say SSL_write with the next payload that needs to be sent when we hit
> that error code, in this way we can automatically drop the earlier
> payload that was attempted.
> Hope this is correct.
>
> Thanks
> --Gayathri

        As long as the other side knows how to deal with it. For example, if your
protocol is ASCII based, you could reserve an embedded nul to indicate a
"break" and that previous partial requests should be ignored. Otherwise, in
practice, you will be able to rely on being able to do this.

        The SSL protocol has no way to 'glue' application bytes together into a
record. It's a byte stream protocol. What will happen is you'll call
SSL_write and some fraction of what you think of as a record will be
accepted. But then a renegotiation will occur. So now what?

        DS
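
The "break" marker suggested in the reply above, seen from the receiving side, as an added example that is not part of the original thread: a framer for a newline-terminated ASCII protocol, fed chunks the way SSL_read would deliver them, that drops the partial message when it sees an embedded NUL. The newline terminator, the `framer` names and the sample bytes are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_MSG    64
#define BREAK_MARK '\0'  /* assumed convention: "discard the partial message" */
#define MSG_END    '\n'  /* assumed convention: message terminator */
struct framer { char buf[MAX_MSG]; size_t len; int honor_break; };

/* Feed one chunk as SSL_read() might return it (any size, any split point).
 * Each completed message is copied to out[] as a C string; returns how many. */
static size_t framer_feed(struct framer *f, const char *chunk, size_t n,
                          char out[][MAX_MSG], size_t cap)
{
    size_t done = 0;
    for (size_t i = 0; i < n; i++) {
        char c = chunk[i];
        if (c == BREAK_MARK) {              /* marker is never stored */
            if (f->honor_break) f->len = 0; /* sender abandoned this message */
        } else if (c == MSG_END) {
            if (done < cap) {
                memcpy(out[done], f->buf, f->len);
                out[done++][f->len] = '\0';
            }
            f->len = 0;
        } else if (f->len < MAX_MSG - 1) {  /* bounded; excess bytes dropped */
            f->buf[f->len++] = c;
        }
    }
    return done;
}

/* Constructed input: the sender gives up on "HELLO WORLD" part-way through,
 * writes the break marker, then sends "NEXT". */
static size_t demo(int honor_break, char out[][MAX_MSG], size_t cap)
{
    struct framer f = { .len = 0, .honor_break = honor_break };
    static const char part1[] = "HELLO WOR"; /* already accepted by SSL_write */
    static const char part2[] = "\0NEXT\n";  /* marker, then the next message */
    size_t n = framer_feed(&f, part1, sizeof part1 - 1, out, cap);
    return n + framer_feed(&f, part2, sizeof part2 - 1, out + n, cap - n);
}

int main(void)
{
    char out[2][MAX_MSG];
    demo(1, out, 2); printf("marker honoured: \"%s\"\n", out[0]);
    demo(0, out, 2); printf("marker ignored:  \"%s\"\n", out[0]);
    return 0;
}
```

A receiver that does not know the marker delivers the two fragments glued together as one message, which is the case the thread warns about; the marker itself is still ordinary stream data and has to go through SSL_write and its retries like any other byte.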


Re: timeout vs. SSL_ERROR_WANT_XXXX

Lokesh Kumar
In reply to this post by Gayathri Sundar-2
Exactly what David says...

Why would you want to risk data loss?

Lokesh.
