[racket-dev] possible bug in openssl/mzssl

From: Timur Sufiev (tsufiev at jet.msk.su)
Date: Mon Feb 27 08:58:19 EST 2012

Consider the following code:

#lang racket
(require openssl)

;; all three certificate roles point at the same server.crt file
(define cert-chain "/opt/dozor/smap/config/httpd/server.crt")
(define cert-root "/opt/dozor/smap/config/httpd/server.crt")
(define cert-sca "/opt/dozor/smap/config/httpd/server.crt")
(define key "/opt/dozor/smap/config/httpd/server.key")

(let-values ([(in-raw out-raw) (tcp-connect "localhost" 8052)])
  (let-values ([(in out)
                (let ([ctx (ssl-make-client-context)])
                  ;; client certificate presented to the server
                  (ssl-load-certificate-chain! ctx cert-chain)
                  ;; roots used to verify the server's certificate
                  (ssl-load-verify-root-certificates! ctx cert-root)
                  ;; CAs suggested to the peer for its own certificate
                  (ssl-load-suggested-certificate-authorities! ctx cert-sca)
                  ;; require the peer certificate to verify
                  (ssl-set-verify! ctx #t)
                  ;; private key matching the client certificate
                  (ssl-load-private-key! ctx key)
                  ;; wrap the raw TCP ports in SSL, acting as the client side
                  (ports->ssl-ports in-raw out-raw
                                    #:mode 'connect
                                    #:context ctx
                                    #:close-original? #t
                                    #:shutdown-on-close? #f))])
    (fprintf out "GET https://localhost:8052/cgi-bin/rc/iface.scm HTTP/1.0\r\n\r\n")
    (flush-output out)
    ;; the program hangs here, before any reply line is read
    (read-line in)))

The raw ports were wrapped with SSL successfully, but then the program hung 
between the last two actions: sending the request to the server and reading 
its reply. Further investigation showed that in the course of SSL processing 
the server had requested session renegotiation from the client and would 
provide it with the requested data if the client sent negotiation info to 
the server. After looking inside make-ssl-input-port (see the code below)

        (letrec ([do-read
                  (lambda (buffer)
                    (let ([out-blocked? (pump-output mzssl)]
                          [len (or must-read-len (min (bytes-length xfer-buffer)
                                                      (bytes-length buffer)))])
                      (let ([n (SSL_read (mzssl-ssl mzssl) xfer-buffer len)])

we found that control flow cannot reach the SSL_read call: it is blocked by 
the pump-output call. Unfortunately, we do not fully understand what is 
going on inside pump-output...

-- 
Best regards,
Timur


Posted on the dev mailing list.