[omniORB] sslEndpoint::AcceptAndMonitor does not handle
SSL_ERROR_ZERO_RETURN
Duncan Grisby
duncan at grisby.org
Mon Oct 29 12:43:52 GMT 2007
On Tuesday 23 October, Jan Lennartsson wrote:
> I've found in our application that is using omniORB with SSL
> that sometimes SSL_accept returns an error with error code
> set to SSL_ERROR_ZERO_RETURN which is not handled in the switch
> statement of sslEndpoint.cc sslEndpoint::AcceptAndMonitor.
> This causes a endless loop with the following line in the log:
> ...
> SSL_accept:failed in SSLv3 read client certificate A
> SSL_accept:failed in SSLv3 read client certificate A
> SSL_accept:failed in SSLv3 read client certificate A
> ...
>
> This effects omniORB-4.0.7 and may affect 4.1.0 and 4.1.1 as the switch
> statement looks the same.
Yes, it does affect all versions.
> I have temporary patched our version of omniORB by adding:
> case SSL_ERROR_ZERO_RETURN:
> above line 405 in sslEndpoint.cc 'case SSL_ERROR_SSL:'.
> But I don't know if that is a good enough solution in the long run.
I think that's the correct thing to do. I've checked it in to the
omni4_1_develop branch.
> And By the way, SSL_ERROR_WANT_X509_LOOKUP, SSL_ERROR_WANT_CONNECT and
> SSL_ERROR_WANT_ACCEPT
> isn't handled either but it may be OK for them to fall through the
> switch and do SSL_accept again.
I don't think any of those can ever occur in the way omniORB uses
OpenSSL. Even if they do occur, the required behaviour is to retry the
operation, which is what already happens, so it should be okay.
Thanks for the bug report.
Duncan.
--
-- Duncan Grisby --
-- duncan at grisby.org --
-- http://www.grisby.org --
More information about the omniORB-list
mailing list