I use zeromq and openssl to write my server and client .
After successful handshake, when the client sends message to server again, the ssl_read() in server returns -1 and ssl_get_erro() returns SSL_ERROR_SYSCALL,
this situation repeats when server receives messages again. I cannot find the reason. Do i need BIO_flush()? I would really appreciate you even just give me some inspirations to work this out.
well, my program is too complicated to show. I was asked to add ssl to rpcz to improve its security (I dont know if rpcz is popular enough for most people to know. In my word ,it combines zeromq,protobuf and rpc to realize remote procedure call). So there are lots of pieces of code, I think it wont help by showing them all here.
I am trying to give more details.
After a successful handshake, when server try to decrypt the data it receives, using a method like this
`{
//.......
bio_write();
//.......
ssl_read();
}`
and it turns out that bio_write() has successfully written the data into bio by returning number of the data, but ssl_read() always retun -1. So I use ssl_get_error() to check the error number, it returns SSL_ERROR_SYSCALL, and for the next data received,it returns SSL_ERROR_WANT_READ.
hope that someone can help to explain why ssl_read returns these code? I think if the ssl connection does not handshake successfully, ssl_write() wont return a positive number. So may the problem is not the ssl connection.
add some details again
void TLSZmq::ssl_decrypt()
{
//........
ERR_clear_error();
int rc = BIO_write(rbio,zmq_to_ssl->data(),zmq_to_ssl->size());
ERR_get_error();
check_ssl_err(rc); //written by myself
//.........
ERR_clear_error();
aread = SSL_read(ssl_,buffer,BUFFERSIZE);
ERR_get_error();
check_ssl_err(rc); //written by myself
//..........
}
void TLSZmq::check_ssl_err(int rc)
{
//...................
int err = SSL_get_error(ssl_, rc);
if (err == SSL_ERROR_NONE)
{
std::cout<<"SSL_ERROR_NONE:"<<SSL_ERROR_NONE<<std::endl;
}
else if (err == SSL_ERROR_WANT_READ )
{
std::cout<<"SSL_ERROR_WANT_READ:"<<SSL_ERROR_WANT_READ<<std::endl;
}
else if (SSL_ERROR_SYSCALL)
{
std::cout<<"SSL_ERROR_SYSCALL:"<<SSL_ERROR_SYSCALL<<std::endl;
}
//.....................
}
I am not sure this is the right way to check the error stack or something. when SSL_ERROR_SYSCALL appears, ERR_get_error() return a strange number like 336130315, and when SSL_ERROR_WANT_READ appears, ERR_get_error() returns 0.
I also have tested that the ssl connection(SSL* ssl) which is used by decrypt procedure after handshake is as same as it used during the handshake .
er...we are talking openssl right? rc gets the return value of BIO_write() function of openssl. P.S. I use zeromq socket for sending message, which I have pointed out. I am confused. Does it make sense to get errno by or call perror() ?
Really thanks for your time reading this.
