Ticket #2099 (closed defect: fixed)

Opened 9 months ago

Last modified 9 months ago

SSL connection suddenly gets closed after sending packets intensively

Reported by: nanang Owned by: bennylp
Priority: normal Milestone: release-2.8
Component: pjlib Version: trunk
Keywords: Cc:
Backport to 1.x milestone: Backported: no

Description (last modified by nanang) (diff)

When a sender sends packets intensively to a receiver that has packet processing rate lower than the sending rate, the packet will be buffered by PJLIB SSL socket and after sometime the sender will get PJ_ENOMEM error and eventually drop the connection while there are still some pending outgoing packets in PJLIB SSL socket. Application cannot trace which packets have been sent and which packets are still pending (buffered in SSL socket).

After investigation, when sending buffer is full, any sending operation will still write to OpenSSL BIO while it should not, it should simply return error, e.g: PJ_ENOMEM. After sometime, it somehow cause OpenSSL to initiate SSL renegotiation and when renegotiation fails (e.g: due to timeout), SSL connection will be dropped.

Thanks Peter Koletzki for the report.

Change History

comment:1 Changed 9 months ago by nanang

  • Description modified (diff)

comment:2 Changed 9 months ago by nanang

  • Status changed from new to closed
  • Resolution set to fixed

In 5751:

Fixed #2099: Fixed SSL socket (OpenSSL backend), when sending buffer is full, any further send operation should be rejected immediately without writing to OpenSSL SSL BIO.

Note: See TracTickets for help on using tickets.