SSL_read problem

thirumalesh · 09-22-2011, 05:14 AM

Hi,

I am writing a SSL Client program which is working fine if the request is lessthan or equal to 500 bytes to server.But whenever the request becomes more than 500 bytes my client receiving only 1 byte of response which is [H] and after that I/O error is occuring(SSL_ERROR_SYSCALL)

can anyone have an idea why this is happening?

Thanks in advance

Proud · 09-22-2011, 07:01 AM

Post your code being as this client is your own.
Also read the definition of the functions & libraries you're calling, be sure you're not missing a documented behaviour/a check you should make in your read loop before assuming a variable's contents, or that you're not looping too much and only capturing the last read/buffer's worth of data.

This seems relevant
http://www.openssl.org/docs/ssl/SSL_read.html

Quote:

SSL_read() tries to read num bytes from the specified ssl into the buffer buf.
...
SSL_read() works based on the SSL/TLS records. The data are received in records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a record has been completely received, it can be processed (decryption and check of integrity). Therefore data that was not retrieved at the last call of SSL_read() can still be buffered inside the SSL layer and will be retrieved on the next call to SSL_read(). If num is higher than the number of bytes buffered, SSL_read() will return with the bytes buffered. If no more bytes are in the buffer, SSL_read() will trigger the processing of the next record. Only when the record has been received and processed completely, SSL_read() will return reporting success. At most the contents of the record will be returned. As the size of an SSL/TLS record may exceed the maximum packet size of the underlying transport (e.g. TCP), it may be necessary to read several packets from the transport layer before the record is complete and SSL_read() can succeed.

http://www.mail-archive.com/openssl-.../msg57544.html

Quote:

SSL_ERROR_SYSCALL means that an underlying call to the system failed.
Check errno in that case.

If you're getting the error on larger pieces of data, instead of
smaller pieces of data, it sounds like you're not properly handling
the case where your read buffer isn't large enough, needs to be
extended, and the read continued. Without knowing the value of errno,
it's impossible to guess, though.

Quote:

SSL_ERROR_SYSCALL

Some I/O error occurred. The OpenSSL error queue may contain more information on the error. If the error queue is empty (i.e. ERR_get_error() returns 0), ret can be used to find out more about the error: If ret == 0, an EOF was observed that violates the protocol. If ret == -1, the underlying BIO reported an I/O error (for socket I/O on Unix systems, consult errno for details).

Is it just that the request is >500bytes, or that the source is different and possibly introducing an invalid EOF?

thirumalesh · 09-23-2011, 03:59 AM

Hi Proud,

Thanks for the reply...

I have pasted my code for sending and receiving data using SSL below..

The complete request as it is i can't post...

And the response that I am getting is

Quote:

Received [H] from Server
SSL read Error: Premature close errno[0]

This is only if the requst length is > 500 bytes

Code:

static char *REQUEST_TEMPLATE="POST / HTTP/1.1\r\nHost:secure.somesite.com\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length:398\r\n\r\nXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";


static char *host=HOST;
static int port=PORT;
static int require_server_auth=1;

static int http_request(ssl)
  SSL *ssl;
  {
    char *request=0;
    char buf[65536];
    int r;
    int len, request_len;

    /* Now construct our HTTP request */
    request_len=strlen(REQUEST_TEMPLATE);
    if(!(request=(char *)malloc(request_len)))
      err_exit("Couldn't allocate request");
    snprintf(request,request_len,REQUEST_TEMPLATE,
      host,port);

    /* Find the exact request_len */
    request_len=strlen(request);

    r=SSL_write(ssl,request,request_len);
    printf("sent [%d] bytes\n Request [%s]\n",r,request);
    switch(SSL_get_error(ssl,r)){
      case SSL_ERROR_NONE:
        if(request_len!=r)
          err_exit("Incomplete write!");
        break;
        default:
          berr_exit("SSL write problem");
    }

    char errbuf[256];
    memset(errbuf,0,256);
    memset(buf,0,65536);
    /* Now read the server's response, assuming
       that it's terminated by a close */
    //SSL_set_connect_state(ssl);
    while(1)
    {
      ERR_clear_error();
      r=SSL_read(ssl,buf,BUFSIZZ);
      switch(SSL_get_error(ssl,r))
      {
        case SSL_ERROR_NONE:
          len=r;
          break;
        case SSL_ERROR_ZERO_RETURN:
          goto shutdown;
        case SSL_ERROR_SYSCALL:
        //perror("SSL Read: ");
        //ERR_error_string(r,errbuf);
        printf(errbuf);
          fprintf(stderr,
            "SSL read  Error: Premature close errno[%d]\n",errno);
          goto done;
        default:
          berr_exit("SSL read problem");
      }

//      fwrite(buf,1,r,stdout);
      printf("Received [%s] from Server\n",buf);
    }

  shutdown:
    r=SSL_shutdown(ssl);
    switch(r){
      case 1:
        break; /* Success */
      case 0:
      case -1:
      default:
        berr_exit("Shutdown failed");
    }

  done:
    SSL_free(ssl);
    free(request);
    return(0);
  }

Proud · 09-23-2011, 06:45 AM

I'm not a C man, but BUFSIZZ is being defined where? Looks like it should be 65536 but there's a lot of occurances of this magic number instead.

Re-reading that documentation I originally linked, it looks like you could do more error value investigation in your code rather than your current print and goto.