Bug 2331 - SSL error when sending "large amounts" of data between a JaCORB client and TAO server
Status: NEW
Alias: None
Product: ACE
Classification: Unclassified
Component: SSL Wrappers
Version: 5.4.7
Hardware: SPARC Solaris
: P5 normal
Assignee: DOC Center Support List (internal)
Blocks: 2320
Reported: 2005-12-14 07:29 CST by Chad Elliott
Modified: 2006-04-21 12:15 CDT (History)

Description Chad Elliott 2005-12-14 07:29:57 CST
We had a customer report a problem with TAO 1.4a p5 relating to OpenSSL 0.9.8. 
It seemed that they would get an SSL error when sending "large amounts" of data
between a JaCORB client and TAO server which were both configured to use SSL.

The relevant portion of ORB debug output is as follows:

Nov  9 11:02:56.611 2005@LM_DEBUG@TAO (8245|48) - Transport[43]::drain_queue_i, helper retval = 1

Nov  9 11:02:56.612 2005@LM_DEBUG@TAO (8245|48) - Transport[43]::send_reply_message_i, preparing to add to queue before leaving

Nov  9 11:02:56.615 2005@LM_ERROR@ACE_SSL (8245|48) error code: 336195711 - error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry

Nov  9 11:02:56.615 2005@LM_DEBUG@TAO (8245|48) - Transport[43]::drain_queue_helper, error during send():

<unknown error> = 336195711


Another important piece of information is what their service configurator file
contained:

static Server_Strategy_Factory "-ORBConcurrency thread-per-connection"
dynamic SSLIOP_Factory Service_Object *TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() "-SSLAuthenticate NONE -SSLPrivateKey PEM:server_key.pem -SSLCertificate PEM:server_cert.pem"
dynamic Advanced_Resource_Factory Service_Object *TAO_Strategies:_make_TAO_Advanced_Resource_Factory () "-ORBProtocolFactory SSLIOP_Factory -ORBFlushingStrategy blocking"
static Client_Strategy_Factory "-ORBConnectStrategy blocked"
static Client_Strategy_Factory "-ORBClientConnectionHandler RW"
static Client_Strategy_Factory "-ORBTransportMuxStrategy exclusive"


The -ORBClientConnectionHandler RW specifies that the ORB Wait Strategy was not
non-blocking (I love double negatives).  This is important because the code in
SSLIOP_Connection_Handler.cpp to set the SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
attribute on the SSL connection is not executed.

Now, having said all that, I was never able to reproduce the customer's problem.
But, he was aware (through ace-users) that calling

::SSL_set_mode (ssl_, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);

on the SSL connection may correct his problem.  He stated that the error he was
seeing was consistently reproducible and that adding the above bit of code to
the constructor in $ACE_ROOT/ace/SSL/SSL_SOCK_Stream.cpp corrected the problem.

Considering that this code did not actually harm anything, I committed the
change to TAO 1.4a.

My question to those that monitor the DOC bugzilla is would it be acceptable to
commit this change to the DOC repo?
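
The retry rule behind the "bad write retry" error, as an added example that is not code from this report, from ACE/TAO or from OpenSSL: a simplified C model of the check a TLS record layer applies when a write that did not complete is retried. All names (model_write, retry_from_other_buffer, the MODEL_ constants) and the data are constructed for illustration; it shows that the moving-write-buffer mode relaxes only the buffer-address comparison, not the length requirement.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for the SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER bit. */
#define MODEL_ACCEPT_MOVING_WRITE_BUFFER 0x1u

enum model_result { MODEL_OK, MODEL_WANT_WRITE, MODEL_BAD_WRITE_RETRY };

struct model_ssl {
    unsigned mode;
    const void *wpend_buf; /* buffer of the write that did not complete */
    size_t wpend_len;      /* its length; 0 means nothing is pending */
    int socket_ready;      /* constructed stand-in for a writable socket */
};

/* Constructed payload; not real GIOP data. */
static const char reply[] = "constructed reply bytes";

/* Models a write call on a transport that may not be writable yet. */
enum model_result model_write(struct model_ssl *s, const void *buf, size_t len)
{
    if (s->wpend_len != 0) {
        /* A retry must offer at least the pending length, and the same
         * address unless the moving-buffer mode is set. */
        if (len < s->wpend_len ||
            (buf != s->wpend_buf &&
             !(s->mode & MODEL_ACCEPT_MOVING_WRITE_BUFFER)))
            return MODEL_BAD_WRITE_RETRY;
    }
    if (!s->socket_ready) {          /* remember the call for the retry */
        s->wpend_buf = buf;
        s->wpend_len = len;
        return MODEL_WANT_WRITE;
    }
    s->wpend_buf = NULL;             /* write completed, nothing pending */
    s->wpend_len = 0;
    return MODEL_OK;
}

/* A caller whose first write is deferred and who then retries with the
 * same bytes held at a different address. */
enum model_result retry_from_other_buffer(unsigned mode, size_t retry_len)
{
    char copy[sizeof reply];
    struct model_ssl s = { mode, NULL, 0, 0 };

    memcpy(copy, reply, sizeof reply);
    if (model_write(&s, reply, sizeof reply) != MODEL_WANT_WRITE)
        return MODEL_OK;
    s.socket_ready = 1;
    return model_write(&s, copy, retry_len);
}
```
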
Comment 1 Ossama Othman 2006-01-12 12:24:32 CST
Mine.