[racket-dev] possible bug in openssl/mzssl
Consider the following code:
;; Added imports: tcp-connect comes from racket/tcp, the ssl-* functions from openssl.
(require racket/tcp openssl)

;; The same certificate file serves as chain, verification root and suggested CA.
(define cert-chain "/opt/dozor/smap/config/httpd/server.crt")
(define cert-root "/opt/dozor/smap/config/httpd/server.crt")
(define cert-sca "/opt/dozor/smap/config/httpd/server.crt")
(define key "/opt/dozor/smap/config/httpd/server.key")

(let-values (((in-raw out-raw) (tcp-connect "localhost" 8052)))
  (let-values (((in out)
                (let ((ctx (ssl-make-client-context)))
                  (ssl-load-certificate-chain! ctx cert-chain)
                  (ssl-load-verify-root-certificates! ctx cert-root)
                  (ssl-load-suggested-certificate-authorities! ctx cert-sca)
                  (ssl-set-verify! ctx #t)
                  (ssl-load-private-key! ctx key)
                  ;; Wrap the raw TCP ports in client-mode SSL ports.
                  (ports->ssl-ports in-raw out-raw
                                    #:mode 'connect
                                    #:context ctx
                                    #:close-original? #t
                                    #:shutdown-on-close? #f))))
    ;; Send the request, then read the first line of the reply.
    (fprintf out "GET https://localhost:8052/cgi-bin/rc/iface.scm HTTP/1.0\r\n\r\n")
    (flush-output out)
    (read-line in)))
Raw ports were wrapped with SSL successfully, but then the program hung
between the last 2 actions: sending the request to the server and reading
its reply. Further investigation showed that in the course of SSL processing
the server had requested session renegotiation from the client and would
provide it with the requested data if the client sent negotiation info to
the server. After looking inside *make-ssl-input-port* (see the code below)
(letrec ([do-read
          (lambda (buffer)
            (let ([out-blocked? (pump-output mzssl)]
                  [len (or must-read-len (min (bytes-length xfer-buffer)
                                              (bytes-length buffer)))])
              (let ([n (SSL_read (mzssl-ssl mzssl) xfer-buffer len)])
we found that control flow cannot reach the *SSL_read* call: it is blocked
by the *pump-output* call. Unfortunately, we do not fully understand what is
going on inside *pump-output*...
--
Best regards,
Timur