[erlang-questions] Trouble with accepting SSL on slow connections

Gurgen Tumanian tumanian@REDACTED
Fri Feb 22 12:32:47 CET 2008

Dear All.

I am having trouble with accepting SSl connections on slow links in case of
delays over 2000ms. ssl:ssl_accept fails with {error, esslconnect}.
I tried runnig ssl_esock with debug output on, and i have found out that the
reason of esslaccept is the EAGAIN error reported by underlying OS(FreeBSD )
when the ssl module tries to receive the client sertificate. The debug
output is this:

MASKS SET FOR FD: 11 (read) 9 (read) 8 (read) 10 (read) 5 (read) ^M
 - SSL_ACCEPT [0x8138d80] (fd = 11)^M
 - JOINED [0x812f900] (origin = accept)^M
       (fd = 8, eof = 0, wq = 0, bp = 0)^M
       (proxyfd = 9, eof = 0, wq = 0, bp = 0)^M
 - JOINED [0x80fb300] (origin = accept)^M
       (fd = 7, eof = 1, wq = 0, bp = 0)^M
       (proxyfd = 10, eof = 0, wq = 0, bp = 1)^M
 - PASSIVE_LISTENING [0x80e7b80] (fd = 6)^M
 - ACTIVE_LISTENING [0x80e7700] (fd = 5, acceptors = 8)^M
Before poll/select: 6 descriptors (total 11)^M
SSL_ACCEPT fd = 11^M
esock_ssl_accept: calling SSL_accept fd = 11^M
  state before: UNKWN ^M
  info: before/accept initialization^M
  info: SSLv3 read client hello A^M
  info: SSLv3 write server hello A^M
  info: SSLv3 write certificate A^M
  info: SSLv3 write certificate request A^M
  info: SSLv3 flush data^M
  info: error in SSLv3 read client certificate A^M
  info: error in SSLv3 read client certificate A^M
  sock_errno 35 errno 35 ^M
  SSL_accept = -1^M
  ssl_error: SSL_ERROR_WANT_READ^M
  state after: 3RCC_A^M
    ret -1 os error Resource temporarily unavailable^M

As far as i understand the SSL_accept(that handles the accept in ssl_esock)
function should have tried continuously  on receiveing client certificate if
the OS reported EAGAIN. However it does not,and i am really clueless about
any workarounds or changes that would solve this problem.
Any help would be appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20080222/4124b2a7/attachment.htm>

More information about the erlang-questions mailing list