Giter VIP home page Giter VIP logo

Comments (6)

vbickov avatar vbickov commented on August 11, 2024

...to be clear. Of course, SSL_read and SSl_write should be called within synchronized blocks. But using the same synchronized block for both logically impossible.

from tlse.

eduardsui avatar eduardsui commented on August 11, 2024

I'm not sure this is unnecessary. Just think at an alert condition or handshake data pending. If you think this is a problem, just comment the line. I think that in case of an error, your client/server will not send the pending alert message. Also, it is possible to affect the fast start option. Anyway, you should avoid using SSL_* functions. Those are there for testing, You should use the tls_* function which are more flexible.

from tlse.

vbickov avatar vbickov commented on August 11, 2024

Of course I commented the line, but it took me 2 days to find this :) tls_* functions won't solve the issue. The problem is SSL_read writes to the same buffer as SSL_write, and the same will happen with tls_* functions. This will never work with two threads, no matter how you will synchronize them.

Just a suggestion. You should not fix it.

from tlse.

eduardsui avatar eduardsui commented on August 11, 2024

Can you please post a minimal source illustrating your problem? I think I don't understand what the problem is.

These lines:

            if (tls_consume_stream(context, client_message, read_size, ssl_data->certificate_verify) > 0) {
                _tls_ssl_private_send_pending(ssl_data->fd, context);
                break;
            }

Are important, because when consuming a stream, an alert condition may be encountered, so this should be here. Also, the tls-layer connection status may change.

from tlse.

vbickov avatar vbickov commented on August 11, 2024

Simple as this:

Thread 1:

{  
   SSL_read(ctx,buf, len);
}

Thread 2:

{  
   SSL_write(ctx,buf, len);
}

You can not use e.g a mutex to avoid simultaneous calls, because SSL_read leads to a blocked "recv". Now think about what will happen if SSL_write will be writing to the buffer, when SSL_read will suddenly receive data.

The same thing will happen any time when you will try to send data in a receiving method. It does not matter which functions you will use SSL_* or tls_*

from tlse.

eduardsui avatar eduardsui commented on August 11, 2024

Removing _tls_ssl_private_send_pending may cause unexpected behavior in handshake, so for now, it should be kept.

from tlse.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.