Socket left in CLOSE_WAIT state...
Matthew Allen
My code leaves sockets in the CLOSE_WAIT state after I free the SSL connection (running on windows XP with OpenSSL 0.9.8e). After I'm done with the connection I call SSL_shutdown and SSL_free, but that doesn't close the socket on the client side. My code's probably wrong, so tell me what I should change?
#include <stdlib.h>
#include "windows.h"
#include "openssl/ssl.h"
char Hostname[] = "imap.gmail.com";
int Port = 993;
int main(int args, char **arg)
{
printf("OpenSSL Test\n");
SSL_library_init();
SSL_load_error_strings();
ERR_load_BIO_strings();
OpenSSL_add_all_algorithms();
SSL_CTX *Ctx = SSL_CTX_new(SSLv23_client_method());
if (Ctx)
{
SSL *Ssl = 0;
BIO *Bio = BIO_new_ssl_connect(Ctx);
if (Bio)
{
BIO_get_ssl(Bio, &Ssl);
if (Ssl)
{
SSL_set_mode(Ssl, SSL_MODE_AUTO_RETRY);
BIO_set_conn_hostname(Bio, Hostname);
BIO_set_conn_int_port(Bio, &Port);
if (BIO_do_connect(Bio) > 0)
{
printf("Connected to '%s' using SSL\n", Hostname);
char Data[256];
char *Cmd = "A0001 CAPABILITY\r\n";
int w = SSL_write(Ssl, Cmd, strlen(Cmd));
if (w > 0)
{
printf("Wrote %i bytes.\n", w);
int r = SSL_read(Ssl, Data, sizeof(Data));
if (r > 0)
{
printf("Got %i bytes.\n", r);
}
else printf("SSL_read failed.\n");
}
else printf("SSL_write failed.\n");
}
else printf("BIO_do_connect failed.\n");
}
else printf("BIO_get_ssl failed.\n");
}
else printf("BIO_new_ssl_connect failed.\n");
if (Ssl)
{
SSL_shutdown(Ssl);
SSL_free(Ssl);
}
/* At this point I expect the socket should have disappeared, but it's still there
hanging around in CLOSE_WAIT... why? */
SSL_CTX_free(Ctx);
}
return 0;
}
Thanks
--
Matthew Allen
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org
Saju Paul
Darryl Miles
> if (Ssl)
> {
> SSL_shutdown(Ssl);
> SSL_free(Ssl);
> }
Yes as the other writer says, you may need to close out the BIO (which
is the thing holding the socket descriptor/handle). So the "Bio" object
you created you may need to clean it up (in and around the SSL_free()).
Alternatively if you still get issues with CLOSE_WAIT.
if(SSL_shutdown(Ssl) >= 0)
shutdown(SSL_get_fd(Ssl), SHUT_WR);
Research into using the "shutdown()" system call to half-close a socket,
this has been used in the past, usually with servers to improve
efficiency during disconnection.
Darryl
Stuart Weatherby
Hi,
SSL_library_init();
SSL_load_error_strings();
ERR_load_BIO_strings();
OpenSSL_add_all_algorithms();
if (Ssl)
{
SSL_shutdown(Ssl);
SSL_free(Ssl);
}
SSL_CTX_free(Ctx);
}
return 0;
}
Thanks
--
Matthew Allen
______________________________________________________________________
Matthew Allen
To: (openss...@openssl.org)
From: Stuart Weatherby (stuart_w...@yahoo.ca)
Subject: Re: Socket left in CLOSE_WAIT state...
Date: 22/4/2010 5:18:48a
> Shutdown disables the ability to read, write (or both) on a
> socket. However, shutdown() does not close the socket. to release the
> socket descriptor back to the OS you also need to call closesocket();
This code does want I want:
int r = 0;
if ((r = SSL_shutdown(Ssl)) >= 0)
{
closesocket(SSL_get_fd(Ssl));
}
But it seems like an ugly hack. It _should_ close the socket by itself. I'm worried that this leakes some BIO object(s), because clearly if the BIO objects were free'd they'd close their SOCKET. And since that ISN'T happening maybe the BIO object is not being free [correctly].
> Saju Paul wrote:
> Looks like it needs a BIO_free_all(bio) or something similair.
I tried that before and after the SSL_shutdown call and it just crashes, clearly thats not the "proper" way. Maybe there is a way to disassociate the BIO from the SSL but it seems like a hack rather than a solution.
Thanks for the responses.
PS in investigating these issues I did try and download + build OpenSSL 1.0.0 for myself, hoping to step into the code and see where things went, but after following the instructions to build with Visual C++ I got stuck running a command that never finished. The perl "do_ms" thing would run for hours using up 100% of the core it was running on and just never seem to finish. Ended up killing it and posting on the mailing list instead. Just FYI.
--
Matthew Allen
http://www.memecode.com
Stuart Weatherby
0 indicates the ssl_shutdown function needs to be called again.
1 indicates success
-1 indicates failure
if r = ssl_shutdown() == -1
// failure
if r == 0
r = ssl_shutdown
if r == < 1
// failure
else
//success
Stuart
----- Original Message ----
From: Matthew Allen <li...@sydneyband.com.au>
To: openss...@openssl.org
Saju Paul
BIO_new_ssl_connect(Ctx); the cleanup of the SSL object (SSL_shutdown &
SSL_free) maybe handled by BIO_free_all()
>> begin
else printf("BIO_new_ssl_connect failed.\n");
BIO_free_all(Bio);
/*
if (Ssl)
{
SSL_shutdown(Ssl);
SSL_free(Ssl);
}
*/
<< end
-----Original Message-----
From: owner-ope...@openssl.org
[mailto:owner-ope...@openssl.org] On Behalf Of Matthew Allen
Thanks for the responses.
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 9.0.814 / Virus Database: 271.1.1/2827 - Release Date: 04/21/10
14:31:00