curl-library

cyassl backend dies (CURLE_SSL_CONNECT_ERROR) after it times out

From: Chris Ghormley <chris_at_set-point.com>
Date: Wed, 30 Sep 2015 15:57:31 -0700

I am attempting to use the cyassl backend on the latest libcurl with an
application that uses easy handles. This starts fine, but I've been
running into a problem the moment cyassl times out the session. For
anyone who doesn't know, cyassl has been renamed to wolfSSL, but the
includes are still installed for cyassl.

(from cyassl_connect_step1(), in lib/vtls/cyassl.c, line 305)
>   /* Check if there's a cached ID we can/should use here! */
>   if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL)) {
>     /* we got a session id, use it! */
>     if(!SSL_set_session(conssl->handle, ssl_sessionid)) {
>       failf(data, "SSL: SSL_set_session failed: %s",
>             ERR_error_string(SSL_get_error(conssl->handle, 0),
>                              error_buffer));
>       return CURLE_SSL_CONNECT_ERROR;
>     }
>     /* Informational message */
>     infof (data, "SSL re-using session ID\n");
>   }

If SSL_set_session returns 0, libcurl never reestablishes a session. I
think nothing is removing the session ID from the cache, so it keeps
trying the old connection.

The ugly hack that seems to work for now is to simply ignore the result
of SSL_set_session. conn->connection_id gets incremented, the connection
gets reinitialized, and we continue running.

On the wolfSSL side, it appears that the session is timing out, so
SetSession fails, returning 0. Is there a more elegant way to handle this?

  Chris Ghormley / Set-Point Control

-------------------------------------------------------------------
Received on 2015-10-01
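
The failure mode described in this mail, reduced to a self-contained C model as an added example (not code from the post, libcurl or wolfSSL): one connect routine treats a rejected cached session as a hard error and keeps the stale entry, the other evicts it and falls back to a full handshake. All type and function names are hypothetical, and the session lifetime and timeline are constructed.

```c
/* Toy model (constructed, not libcurl or wolfSSL code): a one-slot TLS
 * session cache and a backend whose set-session call rejects expired entries. */
#include <stdbool.h>
#include <stdio.h>

struct session { int id; long expires; };           /* hypothetical types */
struct cache   { struct session slot; bool used; };
enum result { FULL_HANDSHAKE, RESUMED, CONNECT_ERROR };

/* Stand-in for the backend's set-session call: returns 0 once timed out. */
static int backend_set_session(const struct session *s, long now) {
  return now < s->expires;
}

/* A full handshake always succeeds in this model and caches a new session. */
static enum result full_handshake(struct cache *c, long now) {
  static int next_id = 1;
  c->slot.id = next_id++;
  c->slot.expires = now + 500;    /* constructed session lifetime */
  c->used = true;
  return FULL_HANDSHAKE;
}

/* Behaviour described in the mail: a rejected cached session is a hard
 * error, and the stale entry stays cached, so every later attempt fails. */
enum result connect_strict(struct cache *c, long now) {
  if(c->used)
    return backend_set_session(&c->slot, now) ? RESUMED : CONNECT_ERROR;
  return full_handshake(c, now);
}

/* Alternative: resumption is optional. Evict the unusable entry and fall
 * back to a full handshake, which stores a fresh session for next time. */
enum result connect_evict(struct cache *c, long now) {
  if(c->used) {
    if(backend_set_session(&c->slot, now))
      return RESUMED;
    c->used = false;              /* drop the stale session */
  }
  return full_handshake(c, now);
}

int main(void) {
  struct cache a = {0}, b = {0};
  long t[] = {0, 100, 600, 700};  /* constructed timeline; expiry at 500 */
  for(int i = 0; i < 4; i++) {
    int s = connect_strict(&a, t[i]), e = connect_evict(&b, t[i]);
    printf("t=%ld strict=%d evict=%d\n", t[i], s, e);
  }
}
```

In the model, falling back still performs a complete handshake with full peer verification; only the resumption shortcut is skipped.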