>
> I have a single threaded test application (Red Hat Linux release 9 - Shrike),
> OpenSSL 0.9.8. I found that it's possible to permanently hang a thread
> receiving SSL calls if a network interruption occurs during an established
> connection.
>


This is the way TCP works. There's a timeout of a couple of minutes
built into it. You can circumvent this behavior by setting
your ssl sockets to non-blocking, but if you can switch to
threaded processing that'd be the easier way to go.


Sometime after you create each socket do something like this:

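#include <sys/ioctl.h>      /* FIONBIO */
#include <openssl/bio.h>    /* BIO_socket_ioctl */
#include <openssl/ssl.h>    /* SSL, SSL_get_fd */

int sl = 1;                 /* non-zero switches non-blocking mode on */
SSL *ssl;
...
// set ssl socket nonblocking
if (BIO_socket_ioctl(SSL_get_fd(ssl), FIONBIO, &sl) < 0) {
    // report an error
}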


Then you have to deal with the likelihood that every
ssl operation will return a "would block": either
an SSL_ERROR_WANT_READ or an SSL_ERROR_WANT_WRITE.

When you get either of these you can retry the same operation
later.


Here's a library that demonstrates non-blocking SSL IO:

http://staff.washington.edu/fox/ezs/


Jim
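
[Added example, not part of the original message and not OpenSSL code.] Retrying "later" needs an upper bound, otherwise a peer that has gone silent still stalls the caller. The sketch below retries one non-blocking operation until it succeeds or a deadline passes; the names retry_until, attempt_fn, pipe_attempt and demo are hypothetical, and a pipe with read() stands in for the SSL socket and SSL_read so the block builds without OpenSSL.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <time.h>
#include <unistd.h>

/* Values of OpenSSL's SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE (assumption:
 * copied here to avoid the OpenSSL headers; use the real macros in real code). */
enum { WANT_READ = 2, WANT_WRITE = 3 };

/* Hypothetical callback: one non-blocking attempt (e.g. SSL_read). Returns bytes
 * (> 0) on success; otherwise stores the SSL_get_error() result in *err. */
typedef int (*attempt_fn)(void *ctx, int *err);

static long now_ms(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* Retry until success or deadline: returns bytes, 0 on timeout, -1 on error. */
int retry_until(int fd, attempt_fn attempt, void *ctx, long timeout_ms) {
    long deadline = now_ms() + timeout_ms;
    for (;;) {
        int err = 0, n = attempt(ctx, &err);
        if (n > 0) return n;
        if (err != WANT_READ && err != WANT_WRITE) return -1;
        long left = deadline - now_ms();
        if (left <= 0) return 0;   /* peer silent: give up instead of hanging */
        /* Sleep until the fd is usable in the direction that was asked for. */
        struct pollfd pfd = { fd, (short)(err == WANT_READ ? POLLIN : POLLOUT), 0 };
        if (poll(&pfd, 1, (int)left) < 0 && errno != EINTR) return -1;
    }
}

/* Constructed stand-in for SSL_read on a non-blocking fd: EAGAIN -> WANT_READ. */
static int pipe_attempt(void *ctx, int *err) {
    char buf[16];
    int n = (int)read(*(int *)ctx, buf, sizeof buf);
    if (n <= 0) *err = (n < 0 && errno == EAGAIN) ? WANT_READ : 1;
    return n;
}

/* Constructed demo: a pipe plays the connection, delivering nbytes (0 = silence). */
int demo(int nbytes, long timeout_ms) {
    int p[2];
    if (pipe(p) < 0 || fcntl(p[0], F_SETFL, O_NONBLOCK) < 0) return -1;
    if (nbytes > 0 && write(p[1], "0123456789", (size_t)nbytes) != nbytes) return -1;
    int r = retry_until(p[0], pipe_attempt, &p[0], timeout_ms);
    close(p[0]); close(p[1]);
    return r;
}
```

With OpenSSL, the callback would call SSL_read (or SSL_write, SSL_connect) and pass the return value to SSL_get_error, and fd would be SSL_get_fd(ssl).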






