Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#597 np_net_ssl_read fails to take SSL_WANT_READ into account

Release (specify)
closed-fixed
Holger Weiß
5
2013-08-20
2013-07-16
Pepijn Schmitz
No

The np_net_ssl_read function in sslutils.c fails to take the SSL_ERROR_WANT_READ return code into account. This is not an error but indicates that the read should be retried. It can occur for instance when an SSL/TLS renegotiation occurs. This is causing the following check_http command to fail with a "HTTP CRITICAL - Error on receive" message, causing a false negative (the site in question works fine):

check_http -I www.essentialmall.com -S

The fix is to replace the np_net_ssl_read() function with this:

int np_net_ssl_read(void *buf, int num) {
int rc;
do {
rc = SSL_read(s, buf, num);
} while ((rc < 0) && (SSL_get_error(s, rc) == SSL_ERROR_WANT_READ));
return rc;
}

Discussion

  • Pepijn Schmitz
    Pepijn Schmitz
    2013-07-16

    This is in release 1.4.16.

     
  • Holger Weiß
    Holger Weiß
    2013-07-16

    • assigned_to: nobody --> hweiss
     
  • Pepijn Schmitz
    Pepijn Schmitz
    2013-07-16

    I guess the write function should be similarly adapted (for SSL_ERROR_WANT_WRITE), but I have not seen that cause a problem yet.

     
  • Holger Weiß
    Holger Weiß
    2013-08-20

    • status: open --> closed-fixed