[stunnel-users] Stunnel hangs on big flows of data
Michal Trojnara
Michal.Trojnara at mobi-com.net
Fri Oct 27 15:20:15 CEST 2006
On Friday 27 October 2006 12:41, Dario Mariani wrote:
> The problem is this:
> the system works well for about 45min, then gives these messages and
> hangs.
System (kernel) hangs?
Stunnel hangs (no longer accepts new connections)?
This connection hangs (no longer transfers any data)?
> With the tests that i made on my laptop, i had those debug messages,
> but it all worked well and in expected times (the path netcat 120m
> file -> stunnel client -> stunnel server -> openssl s_server >/dev/
> null took 20 seconds!!! )
6MB/s (48Mbit/s) for two SSL connections on a laptop seems to be
a reasonable performance.
> What i'm asking is:
> - what these messages _exactly_ means? reading some openssl related
> forums, i saw that this message is sent by the server when the read
> buffer is empty and the server is awaiting data.
From http://www.openssl.org/docs/ssl/SSL_read.html:
If the underlying BIO is non-blocking, SSL_read() will also return when the
underlying BIO could not satisfy the needs of SSL_read() to continue the
operation. In this case a call to SSL_get_error(3) with the return value of
SSL_read() will yield SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. As at any
time a re-negotiation is possible, a call to SSL_read() can also cause write
operations! The calling process then must repeat the call after taking
appropriate action to satisfy the needs of SSL_read(). The action depends on
the underlying BIO. When using a non-blocking socket, nothing is to be done,
but select() can be used to check for the required condition. When using a
buffering BIO, like a BIO pair, data must be written into or retrieved out of
the BIO before being able to continue.
> - do you have any idea on what topic i can direct my analysis?
The problem is either in transfer() function in client.c file or somewhere in
OpenSSL library.
> > How can I reproduce the hang mentioned int the subject?
>
> Well, i have some problems with this point:
> i CANNOT put up stunnel on the system that had the problem, until i
> fix the problem :(
>
> Excuse me for my lack of precision and details, but these are chaotic
> days here :)
I see.
Best regards,
Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20061027/97dc767b/attachment.sig>
More information about the stunnel-users
mailing list