info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
OpenSSL 1.1.1e EOF handling
102 views
Skip to first unread message
Jan Wielemaker
Mar 29, 2020, 5:27:56 AM3/29/20
to
Our application is broken since 1.1.1e. This seems related to this change notification.
> Properly detect EOF while reading in libssl. Previously if we hit an EOF
while reading in libssl then we would report an error back to the
application (SSL_ERROR_SYSCALL) but errno would be 0. We now add
an error to the stack (which means we instead return SSL_ERROR_SSL) and
therefore give a hint as to what went wrong.
[Matt Caswell]
One of the tests tests timeout handling on the wire stream. The BIO read operation returns -1 in that case, which used to be mapped to SSL_ERROR_SYSCALL, after which we could retry the read operation (SSL_read())
As of 1.1.1e, this translates to SSL_ERROR_SSL and retrying the read immediately returns SSL_ERROR_SSL again.
Now, it seems wrong to me that if the BIO returns an error (not EOF), this translates to SSL_ERROR_SSL. Is this a bug or a misunderstanding?
I tried calling ERR_clear_error(), but that makes no noticeable difference.
My questions is
- Is there a (better) way to make the BIO signal there is an issue with the stream that might be temporary, so we can retry the (read) later?
Thanks --- Jan
> Properly detect EOF while reading in libssl. Previously if we hit an EOF
while reading in libssl then we would report an error back to the
application (SSL_ERROR_SYSCALL) but errno would be 0. We now add
an error to the stack (which means we instead return SSL_ERROR_SSL) and
therefore give a hint as to what went wrong.
[Matt Caswell]
One of the tests tests timeout handling on the wire stream. The BIO read operation returns -1 in that case, which used to be mapped to SSL_ERROR_SYSCALL, after which we could retry the read operation (SSL_read())
As of 1.1.1e, this translates to SSL_ERROR_SSL and retrying the read immediately returns SSL_ERROR_SSL again.
Now, it seems wrong to me that if the BIO returns an error (not EOF), this translates to SSL_ERROR_SSL. Is this a bug or a misunderstanding?
I tried calling ERR_clear_error(), but that makes no noticeable difference.
My questions is
- Is there a (better) way to make the BIO signal there is an issue with the stream that might be temporary, so we can retry the (read) later?
Thanks --- Jan
Jan Wielemaker
Apr 1, 2020, 4:48:28 AM4/1/20
to
It turns out that the BIO control method is called to see whether we are at EOF after we signal an error in the BIO read method (returning -1). In our implementation the EOF method incorrectly signaled true. Making it return false after a wire stream timeout fixed the issue.
That is great, but I still wonder why the end-of-file method is called after an error?
That is great, but I still wonder why the end-of-file method is called after an error?
Jesse Shipp
Dec 21, 2022, 1:30:42 PM12/21/22
to
Conventional cushions are not that agreeable particularly when you are lying on a couch for a fast rest.
Source: https://mushroomsquishmallow.com/
Source: https://mushroomsquishmallow.com/
0 new messages