#2099 closed defect (fixed)

SSL connection suddenly gets closed after sending packets intensively

Reported by: nanang Owned by: bennylp
Priority: normal Milestone: release-2.8
Component: pjlib Version: trunk
Keywords: Cc:
Backport to 1.x milestone: Backported: no

Description (last modified by nanang)

When a sender sends packets intensively to a receiver that has packet processing rate lower than the sending rate, the packet will be buffered by PJLIB SSL socket and after sometime the sender will get PJ_ENOMEM error and eventually drop the connection while there are still some pending outgoing packets in PJLIB SSL socket. Application cannot trace which packets have been sent and which packets are still pending (buffered in SSL socket).

After investigation, when sending buffer is full, any sending operation will still write to OpenSSL BIO while it should not, it should simply return error, e.g: PJ_ENOMEM. After sometime, it somehow cause OpenSSL to initiate SSL renegotiation and when renegotiation fails (e.g: due to timeout), SSL connection will be dropped.

Thanks Peter Koletzki for the report.

Change History (2)

comment:1 Changed 14 months ago by nanang

  • Description modified (diff)

comment:2 Changed 14 months ago by nanang

  • Resolution set to fixed
  • Status changed from new to closed

In 5751:

Fixed #2099: Fixed SSL socket (OpenSSL backend), when sending buffer is full, any further send operation should be rejected immediately without writing to OpenSSL SSL BIO.

Note: See TracTickets for help on using tickets.