[noPoll] Issue with using Secure Sockets client connecion (wss://) from Windows
Francis Brosnan Blázquez
francis en aspl.es
Lun Nov 23 13:30:04 CET 2015
El sáb, 21-11-2015 a las 01:17 +0000, Kale, Rahul escribió:
>
>
> Hello,
Hi Kale,
> We are using the latest published version of noPoll.
Ok,
> Your suggestion of blocking nopoll_conn_wait_until_connection_ready
> would not fix the
> issue since the SSL_connect() returns error well before that
> (SSL_ERROR_SYSCALL).
Ok,
> As I mentioned in the original report, I had put a small timeout as a
> workaround.
>
> However, when we started testing against a Websocket server a long
> distance away
> (California, US to Belgium) the problem resurfaced.
>
>
>
> Yesterday, I spent some time digging into the problem further. Turns
> out that
> if I increased the timeout to a large value (300 ms instead of 10 ms)
> the connection
> starts working. I rationalized that if the TCP connect completes (3
> way handshake)
> before we hand the socket over to SSL/TLS for processing, the problem
> goes away.
>
>
>
> So now I implemented a new workaround. I wait for the TCP connection
> to complete
> before telling SSL library the socket fd using SSL_set_fd().
>
>
>
> I modified nopoll_conn.c as follows:
>
>
>
> /* set socket */
>
> wait_for_socket_connect(conn->session); // workaround -- RPK
>
> SSL_set_fd (conn->ssl, conn->session);
>
>
>
> Where the wait_for_socket_connect is implemented as follows in
> nopoll_conn.c :
>
>
>
> staticint wait_for_socket_connect(int socketfd)
>
> {
>
> // On windows, when connect() is called on non-blocking call
>
> // connection succeeded if the socket is ready for writing
>
> fd_set write_fdset, except_fdset;
>
> struct timeval timeout;
>
>
>
> FD_ZERO(&write_fdset);
>
> FD_ZERO(&except_fdset);
>
> FD_SET((unsigned int) socketfd, &write_fdset );
>
> FD_SET((unsigned int) socketfd, &except_fdset );
>
>
>
> // Wait upto 2 seconds
>
> timeout.tv_sec = 0;
>
> timeout.tv_usec = 2000000;
>
>
>
> select( 0, NULL, &write_fdset, &except_fdset, &timeout);
>
>
>
> // connection failed
>
> if (FD_ISSET(socketfd, &except_fdset)) {
>
> return -1;
>
> }
>
> // successful connection
>
> else if (FD_ISSET(socketfd, &write_fdset)) {
>
> return 0;
>
> }
>
> return -1;
>
> }
And this solves the problem? Totally? ...or you are still experimenting
errors?
> It is very strange that this problem occurs only from the second
> connection using
> the library. You should be able to reproduce the problem using the
> test program
> I posted in the original report.
Ok, I'll look for a moment to review your test...
> I understand that the OpenSSL library is supposed to
> automatically take care of this and there should not be any need to
> wait
> for the base TCP connection to be established beforehand. But for some
> reason it does not.
Certainly it does. We have used OpenSSL for many years in many different
projects
and connection scenarios and we didn't face something similar as you
describe...
...but as usual, there's a first time for everything,
It can also be a noPoll's bug that some how causes that SYSCALL error at
the TLS/SSL
level...dunno,
> The above workaround is holding up for now but we would like to
> resolve this
> properly.
Ok. I'll look for a moment to review your test.
Best Regards,
> Thanks,
>
>
>
> Rahul
>
>
>
> Rahul Kale
>
>
>
> IP Video Systems
>
> Barco, Inc
>
> 1287 Anvilwood Ave
>
> Sunnyvale, CA 94089
>
>
>
> Tel +1 408 400 4238
>
>
>
>
> From: Kale, Rahul
> Sent: Thursday, November 19, 2015 3:14 PM
> To: nopoll en lists.aspl.es
> Cc: 'Francis Brosnan Blázquez'
> Subject: RE: [noPoll] Issue with using Secure Sockets client connecion
> (wss://) from Windows
>
>
>
>
>
>
>
> Hello,
>
>
>
> Any resolution to the issue regarding this?
>
> In spite of the workaround mentioned below, we see this fail
> in certain cases.
>
>
>
> Thanks,
>
>
>
> Rahul
>
>
>
> Rahul Kale
>
>
>
> IP Video Systems
>
> Barco, Inc
>
> 1287 Anvilwood Ave
>
> Sunnyvale, CA 94089
>
>
>
>
>
>
> From:nopoll-bounces en lists.aspl.es
> [mailto:nopoll-bounces en lists.aspl.es] On Behalf Of Kale, Rahul
> Sent: Tuesday, September 08, 2015 6:35 PM
> To: nopoll en lists.aspl.es
> Subject: [noPoll] Issue with using Secure Sockets client connecion
> (wss://) from Windows
>
>
>
>
>
>
>
> Hello,
>
>
>
> I am facing an issue with using noPoll library for Secure Websockets
> (wss://)
>
> client connection on Windows platform. Basically, the first connection
> from
>
> the same binary works but subsequent connections do not work reliably.
>
> When I tried to debug the issue, by enabling logs, the problem goes
> away.
>
> Strangely, if I install my own log handler with an empty (do nothing)
>
> implementation, the problem also goes away.
>
> I have been trying to track down the problem the past week and finally
> have
>
> something to report.
>
>
>
> Firstly, I have isolated the code (see below) to the bare minimum
> below for you to reproduce the
>
> issue. The code makes 100 back to back connections in a loop and exits
> the loop
>
> early if it fails. This code rarely lasts for 2 or more loops. However
> if you
>
> enable logs (setting nopoll_log_set_handler to true) or install a log
>
> handler (using nopoll_log_set_handler), it will make 100 successful
> connections.
>
>
>
> Since logging did not help, I ended up compiling the noPoll source
> myself for further
>
> debugging. Since I am using VS 2008, I had to fix the code here and
> there to get it
>
> to compile and also had to add __declspec(dllexport) to most functions
> in the header file.
>
> By adding trial and error printfs I narrowed down the spot when it
> fails.
>
> Whenever the connect fails, the SSL_connect() function errors out
> with
>
> SSL_ERROR_SYSCALL at around line 756 in nopoll_conn.c.
>
>
>
> Assuming that there is some timing issue (since logging adds just
> enough delay),
>
> I have put a temporary fix as a workaround which fixes the issue: I
> added
>
> a nopoll_sleep() just before SSL_connect() like so:
>
>
>
> nopoll_sleep (10000);
>
> while (SSL_connect (conn->ssl) <= 0) {
>
> …
>
>
>
>
>
> I am sure you will find the root cause and have a better fix.
>
>
>
> Here is the sample code:
>
>
>
> #include "nopoll.h"
>
>
>
> static void noPollLogger(noPollCtx *ctx, noPollDebugLevel level, const
> char *log_msg, noPollPtr user_data) {
>
> // Do nothing here
>
> }
>
>
>
> int ConnectToWebsocket()
>
> {
>
>
>
> noPollCtx * context = nopoll_ctx_new();
>
>
>
> //nopoll_log_set_handler(context, noPollLogger, NULL);
>
> nopoll_log_enable(context, false);
>
>
>
> noPollConnOpts * opts = nopoll_conn_opts_new();
>
> nopoll_conn_opts_ssl_peer_verify(opts, false); // disable cert
> verification
>
> noPollConn * connection = nopoll_conn_tls_new(context, opts,
> "10.1.2.3", "443", NULL,
>
> "wss://10.1.2.3:443/wstunnel/?dst=127.0.0.1:6060",
> "tunnel-protocol", "some-origin");
>
>
>
> bool connected = true;
>
> int count = 0;
>
> while (!nopoll_conn_is_ready(connection)) {
>
> if (!nopoll_conn_is_ok(connection)) {
>
> connected = false;
>
> break;
>
> }
>
> nopoll_sleep(10000);
>
> fprintf(stdout, "Info: Waiting for connection...\n", count++);
>
> }
>
>
>
> if (connected) {
>
> fprintf(stdout, "Info: Connected!!\n");
>
> }
>
> else {
>
> fprintf(stdout, "Failed websocket connection\n");
>
> exit(1);
>
> }
>
>
>
> nopoll_conn_close(connection);
>
> nopoll_ctx_unref(context);
>
>
>
> return 0;
>
> }
>
>
>
> int main(int argc, char *argv[])
>
> {
>
> for (int i = 0; i < 100; i++) {
>
> ConnectToWebsocket();
>
> fprintf(stderr, "Done Loop %d\n", i);
>
> }
>
> return 0;
>
> }
>
>
>
> Thanks,
>
>
>
> Rahul
>
>
>
> Rahul Kale
>
>
>
> IP Video Systems
>
> Barco, Inc
>
> 1287 Anvilwood Ave
>
> Sunnyvale, CA 94089
>
>
>
> Tel +1 408 400 4238
>
>
>
> This message is subject to the following terms and conditions: MAIL
> DISCLAIMER
>
>
>
> This message is subject to the following terms and conditions: MAIL
> DISCLAIMER
--
Francis Brosnan Blázquez - ASPL
http://www.asplhosting.com/
http://www.aspl.es/
https://twitter.com/aspl_es
https://twitter.com/asplhosting
https://twitter.com/francisbrosnanb
91 134 14 22 - 91 134 14 45 - 91 116 07 57
AVISO LEGAL
En virtud de lo dispuesto en la Ley Orgánica 15/1999, de 13 de
diciembre, de Protección de Datos de Carácter Personal, le informamos de
que sus datos de carácter personal, recogidos de fuentes accesibles al
público o datos que usted nos ha facilitado previamente, proceden de
bases de datos propiedad de Advanced Software Production Line, S.L.
(ASPL).
ASPL garantiza que los datos serán tratados con la finalidad de mantener
las oportunas relaciones comerciales o promocionales con usted o la
entidad que usted representa. No obstante, usted puede ejercitar sus
derechos de acceso, rectificación, cancelación y oposición dispuestos en
la mencionada Ley Orgánica, notificándolo por escrito a ASPL -
Protección Datos, C/Antonio Suárez 10 A-102, 28802, Alcalá de Henares
(Madrid).
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <http://lists.aspl.es/pipermail/nopoll/attachments/20151123/2cf26ca5/attachment.html>
Más información sobre la lista de distribución noPoll