Re: [boost] [asio] has anybody enabled SSL in a large project?
From: viktor kougitko [mailto:klug@apriorit.com]
From: "Scott" <cheesy4poofs@cox.net>
[snip]
It all seemed great at first, because it seemed to seemlessly work. But eventually the communications break down. I either get asserts in my code from unexpected data in the stream, or the client hangs waiting for data that never appears or any of several different stream problems. It's rarely the exact same thing. But it eventually always fails. Especially on long sustained transfers.
it seems that problem with buffer sizes try to change asio/ssl/detail/openssl_stream_service.hpp openssl_stream_service::create ::BIO_new_bio_pair(&int_bio, 3*8192, &impl->ext_bio, 3*8192); it helps in my case
I know next to nothing about asio's SSL implementation, but this reference to buffer sizes reminds me of a problem that we saw in a previous version of TAO: http://deuce.doc.wustl.edu/bugzilla/show_bug.cgi?id=1429 The fix in that case was to enable partial writes in open ssl, using SSL_set_mode to enable SSL_MODE_ENABLE_PARTIAL_WRITE and SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER. HTH, Éric
EMalenfant@interstarinc.com wrote:
I know next to nothing about asio's SSL implementation, but this reference to buffer sizes reminds me of a problem that we saw in a previous version of TAO: http://deuce.doc.wustl.edu/bugzilla/show_bug.cgi?id=1429
The fix in that case was to enable partial writes in open ssl, using SSL_set_mode to enable SSL_MODE_ENABLE_PARTIAL_WRITE and SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
The symptoms in that bug report do sound similar based on what Scott and Viktor have said. Scott, you might try this change to see if it makes a difference: --- include/asio/ssl/detail/openssl_stream_service.hpp 16 Jun 2006 11:52:28 -0000 1.11 +++ include/asio/ssl/detail/openssl_stream_service.hpp 14 Jul 2006 12:28:36 -0000 @@ -179,6 +179,7 @@ impl = new impl_struct; impl->ssl = ::SSL_new(context.impl()); ::SSL_set_mode(impl->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE); + ::SSL_set_mode(impl->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); ::BIO* int_bio = 0; impl->ext_bio = 0; ::BIO_new_bio_pair(&int_bio, 8192, &impl->ext_bio, 8192); However I'm not particularly optimistic that it's the same problem, since SSL_MODE_ENABLE_PARTIAL_WRITE is already set and from my reading of the code, the same buffer is reused until all data is sent (so in theory SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER is not needed). Cheers, Chris
participants (2)
-
Christopher Kohlhoff -
EMalenfant@interstarinc.com