您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
 
 
 
Krzysztof Kwiatkowski c4a98d6155 Merge branch 'master' of https://github.com/flowher/buggy_openssl_with_fullduplex 11 年前
..
etc epoll init 11 年前
Makefile epoll init 11 年前
README.md Merge branch 'master' of https://github.com/flowher/buggy_openssl_with_fullduplex 11 年前
client.cpp epoll init 11 年前
client.h epoll init 11 年前
defs.h epoll init 11 年前
out epoll init 11 年前
server.cpp epoll init 11 年前
server.h epoll init 11 年前
ssl_process.cpp epoll init 11 年前
ssl_process.h epoll init 11 年前

README.md

buggy_openssl_with_fullduplex

Toy code which shows problems with non-blocking, fullduplex I/O & renegotiation in OpenSSL

What is it: This code shows that it is not possible to use SSL_write() and SSL_read() functions in the same way as ::send() and ::recv(). The main difference between SSL_write/read functions and send/recv system calls is that SSL_write function may in fact read data from the socket in some situations (similary SSL_read may need to write data to the socket).

How it works:

Client & Server:
- it has two threads - sender & receiver
- writes and reads are mutexed

Client:
- I/O is blocking (but can be non-blocking)

Server:
- I/O is non-blocking
- each thread runs it's own select()

1. After client & server are connected (and SSL handshake done) client sender
thread starts sending first message (in a loop).

2. When server receives first query it starts sending string EXCHANGE_STRING for
SEND_ITERATIONS number of times. So now we have 4 threads that are sending
and receiving traffic at the same time ( 2 send/receive threads on each
server and client side )

3. When client receives RENEG_INIT_LEN number of characters it starts
renegotiation ( if other one is not pending ). Bug starts to occure here

BUG:
Client side: client starts to report SSL_ERROR_SYSCALL
Server side: server reports SSL_ERROR_WANT_READ when receive function is called

TCP:
In TCP exchange we can see that transfer between client & server is OK until
client sends "Client Hello" packet. This packet is sent when SSL_renegotiate
is called