[asio] has anybody enabled SSL in a large project?

We've been using ASIO for a while now in a large project and it's been great. I've recently been tasked to add optional SSL support between our client and server. Since there are some SSL classes in ASIO I started with the ASIO SSL example code and got that working. I then pretty much copied the relevant pieces from the sample code over to our project to see if it would work there.

Using the same certificates and key files from the sample code, I added the handshaking and got our client and server to communicate. It all seemed great at first, because it seemed to seamlessly work. But eventually the communications break down. I either get asserts in my code from unexpected data in the stream, or the client hangs waiting for data that never appears or any of several different stream problems. It's rarely the exact same thing. But it eventually always fails. Especially on long sustained transfers.

I have no idea what I might be doing wrong. There's really no documentation at all on ASIO and SSL. For all I know, it might be a problem with the SSL implementation in ASIO. Which brings me to my question - has anybody successfully used the SSL classes in ASIO on complex projects? If so, that would point to a problem in my code somewhere. Perhaps I need to do more than just add the initial SSL handshake (aside from using the SSL stream beyond that point)?

Thanks,
Scott

----- Original Message -----
From: "Scott" <cheesy4poofs@cox.net>
Newsgroups: gmane.comp.lib.boost.devel
Sent: Wednesday, July 12, 2006 11:51 PM
Subject: [asio] has anybody enabled SSL in a large project?

Yes, after two days of debugging, looking for fixes, and some hot fixes, it began to work.

> We've been using ASIO for a while now in a large project and it's been great. I've recently been tasked to add optional SSL support between our client and server. Since there are some SSL classes in ASIO I started with the ASIO SSL example code and got that working. I then pretty much copied the relevant pieces from the sample code over to our project to see if it would work there.

Get the latest version of asio ASAP, or search Google for changes in SSL support and patch.

> Using the same certificates and key files from the sample code, I added the handshaking and got our client and server to communicate. It all seemed great at first, because it seemed to seamlessly work. But eventually the communications break down. I either get asserts in my code from unexpected data in the stream, or the client hangs waiting for data that never appears or any of several different stream problems. It's rarely the exact same thing. But it eventually always fails. Especially on long sustained transfers.

It seems that the problem is with buffer sizes. Try changing, in asio/ssl/detail/openssl_stream_service.hpp, openssl_stream_service::create:

    ::BIO_new_bio_pair(&int_bio, 3*8192, &impl->ext_bio, 3*8192);

It helps in my case.

> I have no idea what I might be doing wrong. There's really no documentation at all on ASIO and SSL. For all I know, it might be a problem with the SSL implementation in ASIO. Which brings me to my question - has anybody successfully used the SSL classes in ASIO on complex projects? If so, that would point to a problem in my code somewhere. Perhaps I need to do more than just add the initial SSL handshake (aside from using the SSL stream beyond that point)?

That's not a solution in my opinion.

> Thanks,
> Scott
_______________________________________________ Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost

Hi Viktor,

viktor kougitko <klug@apriorit.com> wrote:
> It seems that the problem is with buffer sizes. Try changing, in asio/ssl/detail/openssl_stream_service.hpp, openssl_stream_service::create:
>
>     ::BIO_new_bio_pair(&int_bio, 3*8192, &impl->ext_bio, 3*8192);
>
> It helps in my case.

Suspicious. Does going the other way and making the buffer smaller increase the likelihood of a problem?

Cheers,
Chris

----- Original Message -----
From: "Christopher Kohlhoff" <chris@kohlhoff.com>
Newsgroups: gmane.comp.lib.boost.devel
Sent: Thursday, July 13, 2006 3:49 PM
Subject: Re: [asio] has anybody enabled SSL in a large project?

> Hi Viktor,
>
> viktor kougitko <klug@apriorit.com> wrote:
> > It seems that the problem is with buffer sizes. Try changing, in asio/ssl/detail/openssl_stream_service.hpp, openssl_stream_service::create:
> >
> >     ::BIO_new_bio_pair(&int_bio, 3*8192, &impl->ext_bio, 3*8192);
> >
> > It helps in my case.
>
> Suspicious. Does going the other way and making the buffer smaller increase the likelihood of a problem?

Not sure about the true reason, but sending small packets works fine. If the data packets sent via the SSL stream become bigger, everything crashes eventually; that sounds like the scenario.

My environments: Win XP SP2, VC80, OpenSSL 0.9.8a; and FC5, gcc 4.1.0, OpenSSL 0.9.8a.

This fixes things for me, but for sure additional thoughts from people with more SSL knowledge are needed.

> Cheers,
> Chris

Hi Scott,

Scott <cheesy4poofs@cox.net> wrote:
> Using the same certificates and key files from the sample code, I added the handshaking and got our client and server to communicate. It all seemed great at first, because it seemed to seamlessly work. But eventually the communications break down. I either get asserts in my code from unexpected data in the stream, or the client hangs waiting for data that never appears or any of several different stream problems. It's rarely the exact same thing. But it eventually always fails. Especially on long sustained transfers.

Is your program single or multithreaded? Any chance you can boil it down to a test program? What version of OpenSSL are you using?

> I have no idea what I might be doing wrong. There's really no documentation at all on ASIO and SSL. For all I know, it might be a problem with the SSL implementation in ASIO.

Sounds like a bug to me.

> Which brings me to my question - has anybody successfully used the SSL classes in ASIO on complex projects? If so, that would point to a problem in my code somewhere. Perhaps I need to do more than just add the initial SSL handshake (aside from using the SSL stream beyond that point)?

No, once you've done the handshake it should work.

Cheers,
Chris
participants (3)
- Christopher Kohlhoff
- Scott
- viktor kougitko