[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Chicken-users] openssl problem
|
From: |
Thomas Christian Chust |
|
Subject: |
Re: [Chicken-users] openssl problem |
|
Date: |
Wed, 11 Jul 2007 23:59:05 +0200 |
|
User-agent: |
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.4) Gecko/20070509 SeaMonkey/1.1.2 |
Mark Voortman wrote:
> [...]
> I just ran into a problem with the openssl egg. If I run the code below
> and browse to https://localhost/ it shows the certificate and everything,
> but the page keeps loading. Only when I kill the server it actually shows
> the page. My guess is that close-input-port and close-output-port don't
> work properly. Does anyone know how to fix this?
> [...]
Hello,
the problem is, that closing the in and output ports of an SSL
connection attempts to do a clean shutdown of the SSL connection. This
may sometimes take a while because CHICKEN blocks the thread for I/O
longer than necessary or because the other endpoint of the
communications channel behaves uncooperatively (which, for some unknown
reason, seems to be often the case with clients using the Netscape SSL
library).
Other than setting a timeout or introducing a maximum retry count in the
openssl egg code, the only way I can think of to do a hard shutdown is
to abandon both ports and perform a close syscall on the file descriptor
of the communications socket.
The rationale for not doing such a forced close is, that the SSL library
is theoretically allowed to keep internally cached state between
different connections with the same peer and without clean shutdown all
kinds of strange behavior are apparently allowed to happen if you ever
connect again with the same communications partner -- of course this
doesn't really apply in reality ;-)
cu,
Thomas