7.1-current SSL
Tim
timwoj at ieee.org
Tue Nov 16 07:39:55 EST 2004
On Nov 15, 2004, at 11:12 PM, Marcin Kulas wrote:
> On Mon, 15.11.2004 (11:29:56 -0500), timwoj at ieee.org <timwoj at ieee.org>
> wrote:
>
>> I now have a fully working patch for SSL client connections for 7.1
>> current. The patch is a port from the patch I did for 7.0.3. It
>> patches cleanly to the 20041110_0 snapshot. It hasn't been tested in
>> a real network/server environment, just connections from localhost
>> to make sure it was connecting and that I could chat on it. It's
>> available at http://madleet.com/projects/71ssl.patch.
>
> I have tested it a little bit. See what I've found:
>
> - raw 317 is doubled in /whois server response,
> - there are some errors while client connecting [1]
> - after some time client gets lagged and disconnected (time out)
>
> Ad.1)
> Here are server notices while connecting client from 81.168.129.137:
>
> *** Notice -- SSL_accept() for 81.168.129.137 (socket 23) in
> progress...
> *** Notice -- SSL_accept() for 81.168.129.1l wants read or write
> (SSL_ERROR_WANT_READ), passing through...
> *** Notice -- SSL_accept() for 2.0.166.248 (socket 23) wanting READ
> error!
> -- SSL_ERROR_WANT_READ
> *** Notice -- BIO_sock_should_retry(): 1
> *** Notice -- SSL_state_string_long(): SSLv3 read client certificate A
> *** Notice -- SSL_accept() for 2.0.166.248 (socket 23) wanting READ
> succeeded!
>
> and then, finally:
>
> *** Notice -- Client connecting: qq (ircd at unsigned.int)
> [81.168.129.137]
> {oper} [r]
>
> The client seemed to work correctly for a while, but after a few minutes
> I got lagged, and then the connection dropped.
>
> I'm not a coder. I can't find a bug in this patch. Can you?
> Notice IP address deformation in the second and third line.
> It always occurred on my server during yesterday's tests.
>
> PS.
> I'd really appreciate it if the hybrid team published an official, working
> and tested SSL patch for h7.1. I hope there are many more people like me.
>
> --
> Marcin Kulas

The "errors" are actually part of the debugging statements I was
printing. The SSL_ERROR_WANT_READ is a normal part of making an SSL
connection. I can remove those. I'll look into the
lagging/disconnecting. It might be somewhere I'm not giving up
resources or something.

Thanks for the info.

Tim
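
The distinction made in the reply above, SSL_ERROR_WANT_READ as a retry signal versus a real handshake failure, as an added example that is not part of the original message or the patch. It uses Python's OpenSSL-backed `ssl` module over in-memory BIOs, from the client side rather than the ircd's SSL_accept() path; the hostname and the bytes fed in are constructed.

```python
import ssl

def new_client():
    """Client-side TLS object over in-memory BIOs: no socket, nothing blocks."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # default verification settings kept
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # "irc.example.test" is a placeholder hostname (assumption, never contacted).
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="irc.example.test")
    return tls, incoming, outgoing

def handshake_step(tls):
    """One handshake attempt, classified the way an event loop has to."""
    try:
        tls.do_handshake()
        return "done"
    except ssl.SSLWantReadError:     # SSL_ERROR_WANT_READ: wait until readable, retry
        return "want_read"
    except ssl.SSLWantWriteError:    # SSL_ERROR_WANT_WRITE: wait until writable, retry
        return "want_write"
    except ssl.SSLError:             # anything else: the handshake really failed
        return "fatal"

def run_demo():
    results = {}

    # Case 1: peer has not answered yet. ClientHello is queued, then WANT_READ.
    tls, incoming, outgoing = new_client()
    results["no_reply_yet"] = handshake_step(tls)
    results["client_hello_bytes"] = outgoing.pending

    # Case 2: only part of a record has arrived (constructed: 3 of the 5 header
    # bytes of a TLS handshake record). Still WANT_READ, still not an error.
    incoming.write(b"\x16\x03\x03")
    results["partial_record"] = handshake_step(tls)

    # Case 3: the peer answers in plaintext (constructed IRC line). Fatal.
    tls2, incoming2, _ = new_client()
    handshake_step(tls2)
    incoming2.write(b"NOTICE AUTH :*** Looking up your hostname\r\n")
    results["plaintext_reply"] = handshake_step(tls2)
    return results

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Only the last case should be logged as an error or close the connection; the first two are the non-blocking API asking to be called again once more data is available.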