Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Socket left in CLOSE_WAIT state...

204 views
Skip to first unread message

Matthew Allen

unread,
Apr 21, 2010, 5:18:27 AM4/21/10
to
Hi,

My code leaves sockets in the CLOSE_WAIT state after I free the SSL connection (running on windows XP with OpenSSL 0.9.8e). After I'm done with the connection I call SSL_shutdown and SSL_free, but that doesn't close the socket on the client side. My code's probably wrong, so tell me what I should change?

#include <stdlib.h>
#include "windows.h"
#include "openssl/ssl.h"

char Hostname[] = "imap.gmail.com";
int Port = 993;

int main(int args, char **arg)
{
printf("OpenSSL Test\n");

SSL_library_init();
SSL_load_error_strings();
ERR_load_BIO_strings();
OpenSSL_add_all_algorithms();

SSL_CTX *Ctx = SSL_CTX_new(SSLv23_client_method());
if (Ctx)
{
SSL *Ssl = 0;
BIO *Bio = BIO_new_ssl_connect(Ctx);
if (Bio)
{
BIO_get_ssl(Bio, &Ssl);
if (Ssl)
{
SSL_set_mode(Ssl, SSL_MODE_AUTO_RETRY);
BIO_set_conn_hostname(Bio, Hostname);
BIO_set_conn_int_port(Bio, &Port);

if (BIO_do_connect(Bio) > 0)
{
printf("Connected to '%s' using SSL\n", Hostname);

char Data[256];
char *Cmd = "A0001 CAPABILITY\r\n";
int w = SSL_write(Ssl, Cmd, strlen(Cmd));
if (w > 0)
{
printf("Wrote %i bytes.\n", w);

int r = SSL_read(Ssl, Data, sizeof(Data));
if (r > 0)
{
printf("Got %i bytes.\n", r);
}
else printf("SSL_read failed.\n");
}
else printf("SSL_write failed.\n");
}
else printf("BIO_do_connect failed.\n");
}
else printf("BIO_get_ssl failed.\n");
}
else printf("BIO_new_ssl_connect failed.\n");

if (Ssl)
{
SSL_shutdown(Ssl);
SSL_free(Ssl);
}

/* At this point I expect the socket should have disappeared, but it's still there
hanging around in CLOSE_WAIT... why? */

SSL_CTX_free(Ctx);
}

return 0;
}

Thanks
--
Matthew Allen

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Saju Paul

unread,
Apr 21, 2010, 8:49:23 AM4/21/10
to
Looks like it needs a BIO_free_all(bio) or something similair.

Darryl Miles

unread,
Apr 21, 2010, 10:55:08 AM4/21/10
to
Matthew Allen wrote:
> if (Ssl)
> {
> SSL_shutdown(Ssl);
> SSL_free(Ssl);
> }

Yes as the other writer says, you may need to close out the BIO (which
is the thing holding the socket descriptor/handle). So the "Bio" object
you created you may need to clean it up (in and around the SSL_free()).


Alternatively if you still get issues with CLOSE_WAIT.

if(SSL_shutdown(Ssl) >= 0)
shutdown(SSL_get_fd(Ssl), SHUT_WR);

Research into using the "shutdown()" system call to half-close a socket,
this has been used in the past, usually with servers to improve
efficiency during disconnection.


Darryl

Stuart Weatherby

unread,
Apr 21, 2010, 3:18:48 PM4/21/10
to
Shutdown disables the ability to read, write (or both) on a socket. However, shutdown() does not close the socket. to release the socket descriptor back to the OS you also need to call closesocket();

Hi,

    SSL_library_init();
    SSL_load_error_strings();
    ERR_load_BIO_strings();
    OpenSSL_add_all_algorithms();

        if (Ssl)
        {
            SSL_shutdown(Ssl);
            SSL_free(Ssl);
        }

        SSL_CTX_free(Ctx);
    }

    return 0;
}

Thanks
--
Matthew Allen

______________________________________________________________________

Matthew Allen

unread,
Apr 21, 2010, 7:00:10 PM4/21/10
to
---------- Original Message ----------
To: (openss...@openssl.org)
From: Stuart Weatherby (stuart_w...@yahoo.ca)
Subject: Re: Socket left in CLOSE_WAIT state...
Date: 22/4/2010 5:18:48a

> Shutdown disables the ability to read, write (or both) on a
> socket. However, shutdown() does not close the socket. to release the
> socket descriptor back to the OS you also need to call closesocket();

This code does want I want:
int r = 0;
if ((r = SSL_shutdown(Ssl)) >= 0)
{
closesocket(SSL_get_fd(Ssl));
}

But it seems like an ugly hack. It _should_ close the socket by itself. I'm worried that this leakes some BIO object(s), because clearly if the BIO objects were free'd they'd close their SOCKET. And since that ISN'T happening maybe the BIO object is not being free [correctly].

> Saju Paul wrote:
> Looks like it needs a BIO_free_all(bio) or something similair.

I tried that before and after the SSL_shutdown call and it just crashes, clearly thats not the "proper" way. Maybe there is a way to disassociate the BIO from the SSL but it seems like a hack rather than a solution.

Thanks for the responses.

PS in investigating these issues I did try and download + build OpenSSL 1.0.0 for myself, hoping to step into the code and see where things went, but after following the instructions to build with Visual C++ I got stuck running a command that never finished. The perl "do_ms" thing would run for hours using up 100% of the core it was running on and just never seem to finish. Ended up killing it and posting on the mailing list instead. Just FYI.
--
Matthew Allen
http://www.memecode.com

Stuart Weatherby

unread,
Apr 21, 2010, 8:23:54 PM4/21/10
to
According to the doc:

 0 indicates the ssl_shutdown function needs to be called again.
 1 indicates success
-1 indicates failure

if  r = ssl_shutdown() == -1
  // failure
if r == 0
  r = ssl_shutdown
if r == < 1
 // failure
else
//success

Stuart

----- Original Message ----
From: Matthew Allen <li...@sydneyband.com.au>
To: openss...@openssl.org

Saju Paul

unread,
Apr 21, 2010, 10:05:43 PM4/21/10
to
Since BIO is creating the SSL object somewhere in the call to
BIO_new_ssl_connect(Ctx); the cleanup of the SSL object (SSL_shutdown &
SSL_free) maybe handled by BIO_free_all()


>> begin

else printf("BIO_new_ssl_connect failed.\n");

BIO_free_all(Bio);
/*
if (Ssl)
{
SSL_shutdown(Ssl);
SSL_free(Ssl);
}
*/

<< end


-----Original Message-----
From: owner-ope...@openssl.org
[mailto:owner-ope...@openssl.org] On Behalf Of Matthew Allen

Thanks for the responses.

No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 9.0.814 / Virus Database: 271.1.1/2827 - Release Date: 04/21/10
14:31:00

0 new messages