Good Evening folks:

If someone could push (or kick) me in the right direction, that would be
much appreciated.

I have a single threaded test application (Red Hat Linux release 9 -
Shrike), OpenSSL 0.9.8. I found that it's possible to permanently hang
a thread receiving SSL calls if a network interruption occurs during an
established connection.

A simple way to reproduce it would be to
1. Telnet to the SSL port on another machine, don't actually enter any
data (triggers a client/server Syn and Ack TCP exchnage, but no data

2. netstat shows the connection is now ESTABLISHED on the telnet
machine and the SSL server machine.

3. Simulate an outage by taking out the network jack on the client
machine. telnet sees this and closes it's connection.

4. The SSL Server thread show the connection as ESTABLISHED (no TCP
signal is sent otherwise) and waits for data that never comes. Stack
trace looks something like this:

(gdb) bt
#0 0xffffe410 in __kernel_vsyscall ()
#1 0xf7e711fb in __read_nocancel () from /lib/
#2 0xf7af3eec in BIO_sock_non_fatal_error ()
from /usr/ws/server/cserver/../../lib/linux/
#3 0x0000000a in ?? ()

I built openSSL 0.9.8 with the default configure options.

How could this operation be timed out?

Is this a problem with the way I am opening SSL ports?
Or the TCP layer underneath?
Any API suggestions for opening the SSL port?

Thanks again for any replies,

__________________________________________________ ____________________
OpenSSL Project
User Support Mailing List
Automated List Manager