SSL_peek is not a const operation #795

Andersbakken · 2016-05-10T19:59:09Z

Calling SSL_peek can cause bytes to be read from the raw socket which in
turn can upset the select machinery that determines whether there's data
available on the socket.

Since Curl_ossl_check_cxn only tries to determine whether the socket is
alive and doesn't actually need to see the bytes SSL_peek seems like
the wrong function to call.

We're able to occasionally reproduce a connect timeout due to this
bug. What happens is that Curl doesn't know to call SSL_connect again
after the peek happens since data is buffered in the SSL buffer and thus
select won't fire for this socket.

Calling SSL_peek can cause bytes to be read from the raw socket which in turn can upset the select machinery that determines whether there's data available on the socket. Since Curl_ossl_check_cxn only tries to determine whether the socket is alive and doesn't actually need to see the bytes SSL_peek seems like the wrong function to call. We're able to occasionally reproduce a connect timeout due to this bug. What happens is that Curl doesn't know to call SSL_connect again after the peek happens since data is buffered in the SSL buffer and thus select won't fire for this socket.

bagder · 2016-05-10T22:08:31Z

Thanks!

bagder closed this in 856baf5 May 10, 2016

lock bot locked as resolved and limited conversation to collaborators Jan 19, 2019

SSL_peek is not a const operation #795

SSL_peek is not a const operation #795

Andersbakken commented May 10, 2016

bagder commented May 10, 2016

SSL_peek is not a const operation #795

SSL_peek is not a const operation #795

Conversation

Andersbakken commented May 10, 2016

bagder commented May 10, 2016