SSL_read times out after select returns

Time: 2022-08-21 13:10:46

I have a program using C to handle ssl, the steps are as follows:

 retval = select(maxfd + 1, &rfds, NULL, NULL, &tv);
 if (retval == -1) {
     // report error
 } else if (retval == 0) {
     // timeout and reconnect
 } else {
     do {
         memset(buf, 0, buf_len);
         count = SSL_read((SSL *)conn->ssl, buf, (int)buf_len);
         if (count <= 0) {
             // log the OpenSSL error code and errno, then stop reading
             error("ssl error is %d", SSL_get_error((SSL *)conn->ssl, count));
             error("an error: %s", strerror(errno));
             break;
         }
     } while (conn->ssl && SSL_pending((SSL *)conn->ssl));
 }

In some cases, the return value of SSL_read is < 0, the error number is 5, and the error string is read ssl timeout.
Why does select indicate that the socket is ready to read, but SSL_read times out? How do I use select with SSL_read correctly? Thanks.

1 solution

#1


2  

select only indicates that there is something on the socket to read. That might be nothing (i.e. peer closed connection) or some data. But for SSL you need more than just data. The payload is encapsulated in SSL frames and SSL_read can only decrypt the frame and return the payload once the full frame is read. Also there are control frames (like handshake or heartbeat...) which do not contain any payload at all.

Thus if select returns that the socket is ready the following things can happen:

  • connection close: in this case SSL_read will just return with an error
  • incomplete SSL frame: SSL_read will just (blocking) wait for more data. It might return after a while with a read timeout.
  • control frames: SSL_read will wait for more frames which actually contain payload and might also return after a while with read timeout.
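
The cases listed in the answer above, as an added example (not part of the original question or answer): a C classifier for the raw bytes sitting behind a "readable" socket, based on the 5-byte TLS record header. The function names, enum values and sample buffers are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* What the bytes behind a "readable" select() mean to a blocking SSL_read(). */
enum rec_state { REC_PEER_CLOSED, REC_INCOMPLETE, REC_CONTROL, REC_APP_DATA, REC_MALFORMED };

#define TLS_HDR_LEN 5                 /* type(1) + version(2) + length(2) */
#define TLS_MAX_BODY (16384 + 2048)   /* TLS 1.2 ciphertext record limit  */

/* Classify the first record in buf[0..len). Outer content types (TLS 1.2):
 * 20 change_cipher_spec, 21 alert, 22 handshake, 23 application_data, 24 heartbeat.
 * TLS 1.3 wraps encrypted control messages in type 23; only decryption can tell. */
enum rec_state classify_record(const uint8_t *buf, size_t len, size_t *rec_len)
{
    *rec_len = 0;
    if (len == 0) return REC_PEER_CLOSED;                 /* EOF also wakes select() */
    if (buf[0] < 20 || buf[0] > 24) return REC_MALFORMED;
    if (len < TLS_HDR_LEN) return REC_INCOMPLETE;         /* header still arriving   */
    size_t body = ((size_t)buf[3] << 8) | buf[4];
    if (body > TLS_MAX_BODY) return REC_MALFORMED;
    if (len < TLS_HDR_LEN + body) return REC_INCOMPLETE;  /* body still arriving     */
    *rec_len = TLS_HDR_LEN + body;
    return buf[0] == 23 ? REC_APP_DATA : REC_CONTROL;
}

/* 1 only if a complete application_data record is already buffered, i.e. the
 * one case where a blocking SSL_read() can return payload without waiting. */
int payload_available(const uint8_t *buf, size_t len)
{
    size_t off = 0, rec_len;
    while (off < len) {
        enum rec_state s = classify_record(buf + off, len - off, &rec_len);
        if (s == REC_APP_DATA) return 1;
        if (s != REC_CONTROL) return 0;                   /* partial or bad record   */
        off += rec_len;                                   /* skip the control record */
    }
    return 0;
}

/* Constructed sample buffers (not captured traffic). */
static const uint8_t partial_hs[]  = {22, 3, 3, 0, 4, 1, 2};     /* 2 of 4 body bytes */
static const uint8_t heartbeat[]   = {24, 3, 3, 0, 3, 1, 0, 0};  /* control only      */
static const uint8_t hb_then_app[] = {24, 3, 3, 0, 1, 0, 23, 3, 3, 0, 2, 0xAA, 0xBB};

int main(void)
{
    printf("%d %d %d\n", payload_available(partial_hs, sizeof partial_hs),
           payload_available(heartbeat, sizeof heartbeat), payload_available(hb_then_app, sizeof hb_then_app));
    return 0;
}
```

With a non-blocking socket, OpenSSL reports the incomplete and control-only cases as SSL_ERROR_WANT_READ from SSL_get_error, which is the cue to go back to select instead of blocking inside SSL_read.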