[Libwebsockets] SSL_accept failed SSL_ERROR_WANT_READ

"Andy Green (林安廸)" andy at warmcat.com
Sat Feb 15 06:58:07 CET 2014


On 30/01/14 04:04, the mail apparently from Thomas Spitz included:
> Dear everyone,
>
> Using simple libwebsockets-test-server with SSL, I always have the
> following debug message :
>
> lwsts[662]: SSL_accept failed 2 / error:00000002:lib(0):func(0):system lib
> lwsts[662]: SSL_ERROR_WANT_READ
>
> whereas my certificate are correctly set in the browser and it is
> recognized by it. Moreover, the connection seems completly OK.
>
> Here below the complete trace :
>
>
>     # ./libwebsockets-test-server -d 31 -ssl
>     ./libwebsockets-test-server: invalid option -- l
>     lwsts[662]: libwebsockets test server - (C) Copyright 2010-2013 Andy
>     Green <andy at warmcat.com <mailto:andy at warmcat.com>> - licensed under
>     LGPL2.1
>     lwsts[662]: Initial logging level 31
>     lwsts[662]: Library version: 1.3 a638d5a
>     lwsts[662]:  LWS_MAX_HEADER_LEN: 1024
>     lwsts[662]:  LWS_MAX_PROTOCOLS: 5
>     lwsts[662]:  LWS_MAX_EXTENSIONS_ACTIVE: 3
>     lwsts[662]:  SPEC_LATEST_SUPPORTED: 13
>     lwsts[662]:  AWAITING_TIMEOUT: 5
>     lwsts[662]:  SYSTEM_RANDOM_FILEPATH: '/dev/urandom'
>     lwsts[662]:  LWS_MAX_ZLIB_CONN_BUFFER: 65536
>     lwsts[662]:  static allocation: 4452 + (12 x 1024 fds) = 16740 bytes
>     lwsts[662]:  canonical_hostname =myProduct
>     lwsts[662]:  Compiled with OpenSSL support
>     lwsts[662]:  Using SSL mode
>     lwsts[662]:  per-conn mem: 124 + 1554 headers + protocol rx buf
>     lwsts[662]: insert_wsi_socket_into_fds: wsi=0x82fca0, sock=5, fds pos=0
>     lwsts[662]:  Listening on port 7681
>     lwsts[662]: insert_wsi_socket_into_fds: wsi=0x830000, sock=6, fds pos=1
>     lwsts[662]: inserted SSL accept into fds, trying SSL_accept
>     lwsts[662]: SSL_accept failed 2 /
>     error:00000002:lib(0):func(0):system lib
>     lwsts[662]: SSL_ERROR_WANT_READ
>     lwsts[662]: accepted new SSL conn
>     lwsts[662]: HTTP GET request for '/'
>          GET URI = /
>          Host = 192.168.1.5:7681 <http://192.168.1.5:7681>
>          Connection = keep-alive
>          Accept: =
>     text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
>          Accept-Encoding: = gzip,deflate,sdch
>          Accept-Language: = fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
>          Cache-Control: = max-age=0
>          Cookie: = test=LWS_1322044_360921_COOKIE
>     lwsts[662]: LWS_CALLBACK_HTTP closing
>     lwsts[662]: closing connection at libwebsocket_read bail:
>     lwsts[662]: closing http fd 7
>     lwsts[662]: close: just_kill_connection
>     lwsts[662]: remove_wsi_socket_from_fds: wsi=0x830000, sock=6, fds pos=1
>     lwsts[662]: calling back CLOSED_HTTP
>     lwsts[662]: insert_wsi_socket_into_fds: wsi=0x842728, sock=6, fds pos=1
>     lwsts[662]: inserted SSL accept into fds, trying SSL_accept
>     lwsts[662]: SSL_accept failed 2 /
>     error:00000002:lib(0):func(0):system lib
>     lwsts[662]: SSL_ERROR_WANT_READ
>     lwsts[662]: insert_wsi_socket_into_fds: wsi=0x842478, sock=7, fds pos=2
>     lwsts[662]: inserted SSL accept into fds, trying SSL_accept
>     lwsts[662]: SSL_accept failed 2 /
>     error:00000002:lib(0):func(0):system lib
>     lwsts[662]: SSL_ERROR_WANT_READ
>     lwsts[662]: accepted new SSL conn
>     lwsts[662]: HTTP GET request for '/libwebsockets.org-logo.png'
>          GET URI = /libwebsockets.org-logo.png
>          Host = 192.168.1.5:7681 <http://192.168.1.5:7681>
>          Connection = keep-alive
>          Accept: = image/webp,*/*;q=0.8
>          Accept-Encoding: = gzip,deflate,sdch
>          Accept-Language: = fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
>          Cache-Control: = max-age=0
>          Cookie: = test=LWS_1322044_360921_COOKIE
>          Referer: = https://192.168.1.5:7681/
>     lwsts[662]: LWS_CALLBACK_HTTP closing
>     lwsts[662]: closing connection at libwebsocket_read bail:
>     lwsts[662]: closing http fd 8
>     lwsts[662]: close: just_kill_connection
>     lwsts[662]: remove_wsi_socket_from_fds: wsi=0x842728, sock=6, fds pos=1
>     lwsts[662]: calling back CLOSED_HTTP
>     lwsts[662]: accepted new SSL conn
>     lwsts[662]: insert_wsi_socket_into_fds: wsi=0x842728, sock=6, fds pos=2
>     lwsts[662]: inserted SSL accept into fds, trying SSL_accept
>     lwsts[662]: SSL_accept failed 2 /
>     error:00000002:lib(0):func(0):system lib
>     lwsts[662]: SSL_ERROR_WANT_READ
>          GET URI = /xxx
>          Host = 192.168.1.5:7681 <http://192.168.1.5:7681>
>          Connection = Upgrade
>          Protocol = dumb-increment-protocol
>          Upgrade = websocket
>          Origin = https://192.168.1.5:7681
>          Key = C6VIbVBhaimYeXV0uI6pMQ==
>          Version = 13
>          Extensions = permessage-deflate; client_max_window_bits,
>     x-webkit-deflate-frame
>          Pragma: = no-cache
>          Cache-Control: = no-cache
>          Cookie: = test=LWS_1322044_360921_COOKIE
>     lwsts[662]: callback_dumb_increment: LWS_CALLBACK_ESTABLISHED
>     lwsts[662]: Allocating RX buffer 32
>     lwsts[662]: accepted new SSL conn
>     lwsts[662]: insert_wsi_socket_into_fds: wsi=0x83faf8, sock=8, fds pos=3
>     lwsts[662]: inserted SSL accept into fds, trying SSL_accept
>     lwsts[662]: SSL_accept failed 2 /
>     error:00000002:lib(0):func(0):system lib
>     lwsts[662]: SSL_ERROR_WANT_READ
>     lwsts[662]: HTTP GET request for '/favicon.ico'
>          GET URI = /favicon.ico
>          Host = 192.168.1.5:7681 <http://192.168.1.5:7681>
>          Connection = keep-alive
>          Accept: = */*
>          Accept-Encoding: = gzip,deflate,sdch
>          Accept-Language: = fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
>          Cookie: = test=LWS_1322044_360921_COOKIE
>     lwsts[662]: LWS_CALLBACK_HTTP closing
>     lwsts[662]: closing connection at libwebsocket_read bail:
>     lwsts[662]: closing http fd 9
>     lwsts[662]: close: just_kill_connection
>     lwsts[662]: remove_wsi_socket_from_fds: wsi=0x842728, sock=6, fds pos=2
>     lwsts[662]: calling back CLOSED_HTTP
>     lwsts[662]: deflate-frame ext TX did realloc to 4
>     lwsts[662]: deflate-frame ext TX did realloc to 4
>     lwsts[662]: deflate-frame ext TX did realloc to 4
>     lwsts[662]: accepted new SSL conn
>          GET URI = /xxx
>          Host = 192.168.1.5:7681 <http://192.168.1.5:7681>
>          Connection = Upgrade
>          Protocol = lws-mirror-protocol
>          Upgrade = websocket
>          Origin = https://192.168.1.5:7681
>          Key = 4KS2kzukHEgwOhJVd9IxMg==
>          Version = 13
>          Extensions = permessage-deflate; client_max_window_bits,
>     x-webkit-deflate-frame
>          Pragma: = no-cache
>          Cache-Control: = no-cache
>          Cookie: = test=LWS_1322044_360921_COOKIE
>     lwsts[662]: callback_lws_mirror: LWS_CALLBACK_ESTABLISHED
>     lwsts[662]: Allocating RX buffer 150
>
>
>
> Using libwebsocket in my own program (multi threaded app on embedded
> linux arm), I also have those kind of error but with slightly different
> code number. In this app, I namely added the following code to

They're not errors, just information.

The meaning is that the underlying SSL connection cannot accept the 
write at this moment.

The reason is that it is waiting on a packet back from the peer that 
allows it to proceed with the encrypted connection.

That's why it says WANT_READ.... it's like "... uh I can probably send 
that data in a minute, but first I have to hear back from the peer... 
hold on..."

During a connection, SSL renegotiation can also cause this situation.

> libwebsocket-test-server:
>
> case LWS_CALLBACK_FILTER_NETWORK_CONNECTION:
> libwebsockets_get_peer_addresses(context, wsi, (int) (long) in,
> client_name, sizeof(client_name), client_ip, sizeof(client_ip));
> /* if we returned non-zero from here, we kill the connection */
> break;
> I also wonder why I sometimes get "gethostbyaddr: Resource temporarily
> unavailable" message. Besides, my app on LAN or WAN with a default route
> gateway (egg: route add default gw 192.168.1.1), it works not too bad
> but as soon as I do the following :

Dunno either, we're not generating that error though.

-Andy

>   - Remove access to the gateway from the LAN : An other computer on the
> same LAN as the server cannot have webpage served by the server although
> they both can reach each other using ping. (Moreover, using the default
> libwebsocket-test-server it works).
>   - Use an other computer to upload a very big file to an external
> server (using filezila)
> It either doesn't work at all or take 50 times more time than usual.
>
> Notes:
> - My webpage is linked to several external files (css, js, img)
> - In this test I do use only HTTP (no websocket)
>
>     gethostbyaddr: Success
>     lwsts[622]: insert_wsi_socket_into_fds: wsi=0x10b2a0, sock=10, fds pos=1
>     lwsts[622]: inserted SSL accept into fds, trying SSL_accept
>     lwsts[622]: SSL_accept failed 2 /
>     error:00000002:lib(0):func(0):system lib
>     lwsts[622]: SSL_ERROR_WANT_READ
>     lwsts[622]: accepted new SSL conn
>     lwsts[622]: HTTP GET request for '/index.html'
>          GET URI = /index.html
>          Host = 192.168.1.5
>          Connection = keep-alive
>          Accept: =
>     text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
>          Accept-Encoding: = gzip,deflate,sdch
>          Accept-Language: = fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
>          Cache-Control: = max-age=0
>     lwsts[622]: LWS_CALLBACK_HTTP closing
>     lwsts[622]: closing connection at libwebsocket_read bail:
>     lwsts[622]: closing http fd 11
>     lwsts[622]: close: just_kill_connection
>     lwsts[622]: remove_wsi_socket_from_fds: wsi=0x10b2a0, sock=10, fds pos=1
>     lwsts[622]: calling back CLOSED_HTTP
>     gethostbyaddr: Success
>     lwsts[622]: insert_wsi_socket_into_fds: wsi=0x10b2a0, sock=10, fds pos=1
>     lwsts[622]: inserted SSL accept into fds, trying SSL_accept
>     lwsts[622]: SSL_accept failed 2 /
>     error:00000002:lib(0):func(0):system lib
>     lwsts[622]: SSL_ERROR_WANT_READ
>     gethostbyaddr: Resource temporarily unavailable
>     lwsts[622]: insert_wsi_socket_into_fds: wsi=0x11bf78, sock=11, fds pos=2
>     lwsts[622]: inserted SSL accept into fds, trying SSL_accept
>     lwsts[622]: SSL_accept failed 5 / error:00000005:lib(0):func(0):DH lib
>     lwsts[622]: SSL_accept failed skt 9:
>     error:00000005:lib(0):func(0):DH lib
>     lwsts[622]: close: just_kill_connection
>     lwsts[622]: remove_wsi_socket_from_fds: wsi=0x11bf78, sock=11, fds pos=2
>     lwsts[622]: not calling back closed
>     lwsts[622]: TIMEDOUT WAITING
>     lwsts[622]: close: just_kill_connection
>     lwsts[622]: remove_wsi_socket_from_fds: wsi=0x10b2a0, sock=10, fds pos=1
>     lwsts[622]: not calling back closed
>     gethostbyaddr: Success
>     lwsts[622]: insert_wsi_socket_into_fds: wsi=0x10b2a0, sock=10, fds pos=1
>     lwsts[622]: inserted SSL accept into fds, trying SSL_accept
>     lwsts[622]: SSL_accept failed 5 / error:00000005:lib(0):func(0):DH lib
>     lwsts[622]: SSL_accept failed skt 9:
>     error:00000005:lib(0):func(0):DH lib
>     lwsts[622]: close: just_kill_connection
>     lwsts[622]: remove_wsi_socket_from_fds: wsi=0x10b2a0, sock=10, fds pos=1
>     lwsts[622]: not calling back closed
>
>
> Hope someone has advices to share :-)
>
>   Thanks in advance
> BR,
> Thomas
>
>
> _______________________________________________
> Libwebsockets mailing list
> Libwebsockets at ml.libwebsockets.org
> http://ml.libwebsockets.org/mailman/listinfo/libwebsockets
>




More information about the Libwebsockets mailing list