Nie możesz wybrać więcej, niż 25 tematów
Tematy muszą się zaczynać od litery lub cyfry, mogą zawierać myślniki ('-') i mogą mieć do 35 znaków.
Krzysztof Kwiatkowski
aea977d6ea
|
10 lat temu | |
|---|---|---|
| .. | ||
| etc | 10 lat temu | |
| Makefile | 10 lat temu | |
| README.md | 10 lat temu | |
| client.cpp | 10 lat temu | |
| client.h | 10 lat temu | |
| defs.h | 10 lat temu | |
| out | 10 lat temu | |
| server.cpp | 10 lat temu | |
| server.h | 10 lat temu | |
| ssl_process.cpp | 10 lat temu | |
| ssl_process.h | 10 lat temu | |
README.md
buggy_openssl_with_fullduplex
Toy code which shows problems with non-blocking, fullduplex I/O & renegotiation in OpenSSL
How it works:
Client & Server:
- it has two threads - sender & receiver
- writes and reads are mutexed
Client:
- I/O is blocking (but can be non-blocking)
Server:
- I/O is non-blocking
- each thread runs it's own select()
1. After client & server are connected (and SSL handshake done) client sender
thread starts sending first message (in a loop).
2. When server receives first query it starts sending string EXCHANGE_STRING for
SEND_ITERATIONS number of times. So now we have 4 threads that are sending
and receiving traffic at the same time ( 2 send/receive threads on each
server and client side )
3. When client receives RENEG_INIT_LEN number of characters it starts
renegotiation ( if other one is not pending ). Bug starts to occure here
BUG:
Client side: client starts to report SSL_ERROR_SYSCALL
Server side: server reports SSL_ERROR_WANT_READ when receive function is called
TCP:
In TCP exchange we can see that transfer between client & server is OK until
client sends "Client Hello" packet. This packet is sent when SSL_renegotiate
is called