> Thanks David.


> Unfortunately option 1) and 3) are not possible for my clients.


In other words, you cannot engineer a sensible option and have to fake it.
That's fine, but solutions that aren't engineered tend to be poor.

> option 2) seems the way to go for me, but so far it proved unreliable.


That was the downside of that option.

> Here are some scenarios I have been playing with:


> 1)Crash a client running on unix:


> The SSL_read returns 0 . The SSL error code is
> SSL_ERROR_SYSCALL [An SSL I/O error occurred]. The errno is 0!


Seems reasonable. No unread data was pending, so the TCP connection closed
normally.

You would definitely infer a crash in this case. Network failures don't
normally close connections.

> 2)Crash a client running on windows:


> The SSL_read returns -1 . The SSL error code is SSL_ERROR_SYSCALL
> [An SSL I/O error occurred]. The errno is ECONNRESET
> [Connection reset by peer]


So there was some pending unread data in this case. You would definitely
infer a crash in this case. A network failure won't reset a connection, but
a rebooting host might. So you can't be sure the client didn't crash.

> 3)Leave the client running on unix or on windows and unplug the network:


> The SSL_read returns -1 . The SSL error code is SSL_ERROR_SYSCALL
> [An SSL I/O error occurred].
> The errno is ECONNRESET [Connection reset by peer]


Did you unplug the client or server? Was the server running Windows? You
need to explain this case in detail. If you unplugged the *server*
interface, then that's a very unusual special case that you need to
specifically test for by checking the interface. (Due to an unfortunate
Windows bug. It reports ECONNRESET when it loses a network interface even
though the connection was *not* reset by the peer.)

> As you can see this does not seem to be reliable to distinguish
> between what really happened.


The first two cases seem perfectly sensible. You didn't explain the third
case in early enough detail for me to comment on it.

DS


__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org