DTSCode DTSCode - 3 months ago 85
C Question

Non-blocking BIO and hang after BIO_do_connect

I am writing a small little IRC bot in C using openssl to start a secure socket. It isn't the most beautifully written bot, but its mostly just to see how the openssl API works. Currently I have the following code:

#include <stdio.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

int main() {
SSL_load_error_strings();
ERR_load_BIO_strings();
OpenSSL_add_all_algorithms();

BIO *bio;
SSL_CTX * ctx = SSL_CTX_new(SSLv23_client_method());
SSL * ssl;

SSL_CTX_load_verify_locations(ctx, NULL, "/etc/ssl/certs/");
bio = BIO_new_ssl_connect(ctx);
BIO_get_ssl(bio, & ssl);
SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
BIO_set_nbio(bio, 1);
BIO_set_conn_hostname(bio, "irc.freenode.net:6697");
BIO_do_connect(bio);

if(SSL_get_verify_result(ssl) != X509_V_OK) {
printf("error\n");
}

char irc1[] = "NICK bartender\r\n";
char irc2[] = "USER bartender * * :serve(&drinks);\r\n";

BIO_write(bio, irc1, strlen(irc1));
BIO_write(bio, irc2, strlen(irc2));

fd_set read_set;
int sock = BIO_get_fd(bio, NULL);

while(1) {
FD_ZERO(&read_set);
FD_SET(sock, &read_set);

struct timeval timeout = { 0, 0 };
select(sock+1, &read_set, NULL, NULL, &timeout);

if(FD_ISSET(sock, &read_set)) {
char buf[21];
size_t x = BIO_read(bio, buf, 20);

if(x == 0) {
continue;
} else if(x == -1){
int code = ERR_get_error();

if(code == 0) {
continue;
}

printf("(%d)%s\n", code, ERR_error_string(code, NULL));
} else {
buf[x] = '\0';
printf("%s", buf);
}
}
}
}


Whenever I compile and run this code, it just hangs and prints nothing. However, if I remove line 20 (which currently puts the socket into nonblocking mode) it works fine. Why does putting the socket in non-blocking mode cause this behavior? Thank you and have a great day!

jww jww
Answer

Whenever I run this code, it just hangs and prints nothing. However, if I remove line 20 (which currently puts the socket into nonblocking mode) it works fine.

BIO_do_connect returns immediately in non-blocking mode. You should loop on BIO_should_retry. Here's what the man page has to say about BIO_do_connect:

BIO_do_connect() attempts to connect the supplied BIO. It returns 1 if the connection was established successfully. A zero or negative value is returned if the connection could not be established, the call BIO_should_retry() should be used for non blocking connect BIOs to determine if the call should be retried.


Why does putting the socket in non-blocking mode cause this behavior?

The call to BIO_do_connect returns immediately; the socket/bio is probably not ready for data (yet).


An alternative to looping on BIO_do_connect/BIO_should_retry is to wait on the underlying file descriptor. Its the technique used by OpenSSL in the ocsp subcommand (the source can be found in <openssl src>/apps/ocsp.c):

if (req_timeout != -1)
    BIO_set_nbio(cbio, 1);

rv = BIO_do_connect(cbio);

if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio))) {
    BIO_puts(err, "Error connecting BIO\n");
    return NULL;
}

if (BIO_get_fd(cbio, &fd) < 0) {
    BIO_puts(bio_err, "Can't get connection fd\n");
    goto err;
}

if (req_timeout != -1 && rv <= 0) {
    FD_ZERO(&confds);
    openssl_fdset(fd, &confds);
    tv.tv_usec = 0;
    tv.tv_sec = req_timeout;
    rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
    if (rv == 0) {
        BIO_puts(err, "Timeout on connect\n");
        return NULL;
    }
}

Also see Non-blocking BIO and BIO_do_connect problem on the OpenSSL Users mailing list. There's also a few hits on Stack Overflow, but I'm not sure which is the best fit for this question: