[Libwebsockets] Problem with sending big message via SSL

Eugene Agafonov e.a.agafonov at gmail.com
Thu Jan 16 13:10:41 CET 2014


Hi!

I've discovered an issue: the server is not able to send big messages (>8k) via
SSL.

The top-level call that fails for me is libwebsocket_write: it returns -1
whenever I try to send 8k bytes or more.

Deeper investigation turned up a documented behavior of the SSL_write function:
by default it sends all or nothing.

http://www.openssl.org/docs/ssl/SSL_write.html

> SSL_write() will only return with success, when the complete contents of buf 
> of length num has been written. This default behaviour can be changed with
> the SSL_MODE_ENABLE_PARTIAL_WRITE option of SSL_CTX_set_mode(3). When this
> flag is set, SSL_write() will also return with success, when a partial write
> has been successfully completed. In this case the SSL_write() operation is
> considered completed. The bytes are sent and a new SSL_write() operation
> with a new buffer (with the already sent bytes removed) must be started.

So... under some conditions the server fails to write a message to the SSL
connection. It can be reproduced by sending the leaf.jpg image file.

Steps to reproduce:

1. Increase the sending buffer from 4096 to 4096*2 in test-server/test-server.c,
line 208

http://git.libwebsockets.org/cgi-bin/cgit/libwebsockets/tree/test-server/test-server.c#n208

2. Run test server with SSL and Debug logging enabled
#> test-server/libwebsockets-test-server -d 223 -s --resource_path test-server

3. Try to fetch leaf.jpg with curl
#> curl -k https://test-server-hostname:7681/leaf.jpg > /dev/null
or
just open URL 'https://test-server-hostname:7681/leaf.jpg' in browser

Expected result:
File is downloaded and displayed in browser window
curl does not report any error
test server log does not contain any error

Actual result:

test server log contains an error message 'ERROR writing to socket'

>lwsts[29094]: HTTP GET request for '/leaf.jpg'
>    GET URI = /leaf.jpg
>    Host = 192.168.2.87:7681
>    Accept: = */*
> lwsts[29094]: ERROR writing to socket

'ERROR writing to socket' comes from lib/output.c:167

http://git.libwebsockets.org/cgi-bin/cgit/libwebsockets/tree/lib/output.c#n167

Important note: the issue does not appear if server and client are launched on
the same host. It happens if leaf.jpg flies over the network.

I've added some extra logging with SSL_get_error after the SSL_write call:
it fails with error SSL_ERROR_WANT_READ
(http://www.openssl.org/docs/ssl/SSL_get_error.html)

I tried setting ENABLE_PARTIAL_WRITE on the SSL context/connection, but it does
not help. SSL_write fails with the same error (which is really strange and
contradicts the documentation).

It seems to me some retry mechanism should be implemented or partial writes
need to be supported.

Any comments/ideas on how to send large messages?

Thanks a lot, Eugene Agafonov.
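
The retry handling the post asks for, as an added example (not libwebsockets code and not part of the original message): a pending-write record that keeps its buffer and offset unchanged across want-read/want-write stalls and advances on partial writes. The `tls_io` codes, the `tls_write_fn` hook and the mock transport are constructed stand-ins for `SSL_write()` plus `SSL_get_error()`, so the logic runs without a TLS peer.

```c
#include <stddef.h>
/* Constructed stand-ins for what SSL_write() + SSL_get_error() report. */
enum tls_io { TLS_OK, TLS_WANT_READ, TLS_WANT_WRITE, TLS_FATAL };
/* Hypothetical hook; a real one wraps SSL_write() and SSL_get_error(). */
typedef enum tls_io (*tls_write_fn)(void *ctx, const unsigned char *p, size_t len, size_t *sent);
struct pending_write { const unsigned char *buf; size_t len, off; };

/* One pass: TLS_OK = all sent; TLS_WANT_* = wait for the socket, call again. */
enum tls_io pending_write_step(struct pending_write *pw, tls_write_fn wr, void *ctx)
{
    while (pw->off < pw->len) {
        size_t sent = 0;
        enum tls_io r = wr(ctx, pw->buf + pw->off, pw->len - pw->off, &sent);
        if (r != TLS_OK) return r;      /* WANT_*: state untouched for the retry */
        if (sent == 0) return TLS_FATAL;
        pw->off += sent;                /* partial write: advance and continue */
    }
    return TLS_OK;
}

/* Constructed transport: <= chunk bytes per call, WANT_READ on every second fresh call. */
struct mock { size_t chunk, total; int calls; const unsigned char *want_p; size_t want_len; };

static enum tls_io mock_write(void *ctx, const unsigned char *p, size_t len, size_t *sent)
{
    struct mock *m = ctx;
    if (m->want_p && (m->want_p != p || m->want_len != len))
        return TLS_FATAL;               /* a retry must repeat the same arguments */
    if (!m->want_p && ++m->calls % 2 == 0) {
        m->want_p = p; m->want_len = len;
        return TLS_WANT_READ;
    }
    m->want_p = NULL;
    *sent = len < m->chunk ? len : m->chunk;
    m->total += *sent;
    return TLS_OK;
}

/* Sends len (<= 65536) bytes via the mock; returns bytes delivered, 0 on failure. */
size_t demo_send(size_t len, size_t chunk, int *stalls)
{
    static unsigned char msg[65536];    /* constructed payload */
    struct mock m = { chunk, 0, 0, NULL, 0 };
    struct pending_write pw = { msg, len, 0 };
    enum tls_io r;
    /* each stall is where real code would wait for socket readiness */
    for (*stalls = 0; (r = pending_write_step(&pw, mock_write, &m)) != TLS_OK; ++*stalls)
        if (r == TLS_FATAL) return 0;
    return m.total;
}
int main(void) { int s; return demo_send(8192, 4096, &s) == 8192 ? 0 : 1; }
```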


