Locking reader lock
Umesh Bywar
I am having a problem in configuring a socket to do hand shake as server. I have a socket on which some communication has already taken place. When I try to upgrade the socket to SSL, the SSL_LOCK_READER(ss) in SSL_ResetHandshake throws an exception and everything is aborted. Basically, _PR_MD_LOCK(&lock->ilock) in prulock.c throws the exception. Now, before I proceed on upgrading the socket, I've written something to the client and client has sent its response, but I don't read it. I proceed to the socket upgradation instead. Is it what is causing the problem in locking the reader? Any idea how to tackle this? Strangely enough, this doesn't happen all the time. Sometimes the SSL_ResetHandshake successfully upgrades the socket.
Please let me know if more infomation is required.
Thanks.
Best Regards.
Umesh.
Nelson Bolyard
> I am having a problem in configuring a socket to do hand shake as server. I
> have a socket on which some communication has already taken place. When I try
> to upgrade the socket to SSL, the SSL_LOCK_READER(ss) in SSL_ResetHandshake
> throws an exception and everything is aborted.
I gather that you mean: it crashes.
> Basically, _PR_MD_LOCK(&lock->ilock) in prulock.c throws the exception.
I'll bet lock is NULL.
> Now, before I
> proceed on upgrading the socket, I've written something to the client and
> client has sent its response, but I don't read it. I proceed to the socket
> upgradation instead.
By what means do you attempt this "upgrade"?
What functions do you call?
Do you check them to see if they return a failure indication?
Do you check the error code if they fail?
> Is it what is causing the problem in locking the reader?
> Any idea how to tackle this? Strangely enough, this doesn't happen all the
> time. Sometimes the SSL_ResetHandshake successfully upgrades the socket.
There are other steps that must be performed first. You cannot use
SSL_ResetHandshake until you have converted the socket to an SSL socket.
That is what I would call the "upgrade". How do you do that?
What steps do you do?
Note, I don't want to read code here. You can just give a short summary.
/Nelson
um...@gslab.com
Thanks for your response.
I think my upgradation process is just fine. Otherwise my code would
have failed all the time. But I am able to perform the handshake
sometimes. I think that the problem is with some events getting
handled while my upgradation is in process. I'll come to this later.
For now, to answer your question, here's what I do.
1) I don't call the NSS_Init as mentioned in the documentation about SSL
as mozilla already initializes it.
2) First of all I configure the server session cache by calling
SSL_ConfigMPServerSIDCache.
3) I obtain the certificate (PK11_FindCertFromNickname) and the private
key (PK11_FindKeyByAnyCert).
4) Then I call SSL_ImportFD() to upgrade the socket.
5) After this I configure the socket to handshake as a server by calling
SSL_ConfigSecureServer.
6) Now I call SSL_ResetHandshake(socket, PR_TRUE).
All these functions execute successfully without any errors.
As per one of my previous emails, I am writing a HTTPS proxy. So when
it sees a connect request, it responds with "200 OK" and at this point
it proceeds to upgrade the socket to handle SSL. During my debugging I
found that sometimes I hit breakpoints set in
nsSocketInputStream::Read() function. The interesting part is this
happens while I am stepping through the above mentioned steps. That
means the read (or whatever the correcponsing events are) are taking
precedence over my upgradation code and hence my handshake fails. If
the nsSocketInputStream::Read() happens after upgrade is complete,
then the handshake happens correctly as then the socket is completely
configured. Now, I might be completely wrong here but this is the best
way I could explain my observations while debugging.
Please let me know if you need more information. Please suggest, if
possible, how I can arrive at a solution.
Thanks.
Best Regards,
Umesh.
> _______________________________________________
> dev-tech-crypto mailing list
> dev-tec...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
um...@gslab.com
> SSL_ConfigSecureServer.
> 6) Now I call SSL_ResetHandshake(socket, PR_TRUE).
>
> All these functions execute successfully without any errors.
Just thought I should give a bit more information.
These execute successfully only if the nsSocketInputStream::Read
function doesn't get called. Otherwise, all functions execute correctly
except SSL_ResetHandshake() which crashes at the point where it tries
to lock the reader.
Also the nsSocketInputStream::Read() percolates down to functions like
ssl_SecureRecv().
Umesh.
Nelson Bolyard
Sounds to me like you're sharing a socket with PSM (all that c++ code is
PSM, not NSS) and PSM is doing things to the socket at the same time that
your code is, probably on another thread. Sounds like your socket is
getting closed while you're using it. I can't help you with PSM.
/Nelson
um...@gslab.com
> PSM, not NSS) and PSM is doing things to the socket at the same time that
> your code is, probably on another thread. Sounds like your socket is
> getting closed while you're using it. I can't help you with PSM.
Thanks Nelson. Looks like I'll have to post my queries in some other
newsgroup(s).
Umesh.