[Libwebsockets] Caching TLS session attempted for apparently invalid wsi

Andy Green andy at warmcat.com
Thu Jun 24 07:52:15 CEST 2021



On 6/22/21 7:55 PM, Catalin Raceanu wrote:
> Hello,
> 
> 
> Sometimes LWS logs a lot of
> 
>     W: lws_tls_session_tag_from_wsi: wsi has no stash

I think this log isn't really interesting, as you say...

> Debugging it, turns out they come from
> 
>     1  lws_tls_session_tag_from_wsi                tls-sessions.c       49
>     2  lws_tls_session_new_cb                      openssl-session.c    228
>     3  lws_sess_cache_synth_cb                     openssl-session.c    325
>     4  lws_ssl_close                               openssl-ssl.c        458
>     5  __lws_close_free_wsi_final                  close.c              818
>     6  lws_libuv_closewsi                          libuv.c              801
> 
> This is from v4.2-stable, commit 7c3c179e.
> 
> I suspect it happens when a wsi that did not actually connected anywhere 
> is destroyed.

... right, it's not going to have any interesting news about tls session 
if it did not have the stash, which is used to carry client connection 
information from the creation until after the connection (and tls) is 
set up.

> One way to work around that was to change lws_ssl_close() in openssl-ssl.c:
> - lws_sess_cache_synth_cb(&wsi->tls.sul_cb_synth);
> 
> +        if (wsi->stash)
> + lws_sess_cache_synth_cb(&wsi->tls.sul_cb_synth);
> 
> but I'm not sure this is the right solution.

There's nothing wrong with that but since it will deal with the 
situation, we can also just remove the noisy log.

I pushed a patch for that on v4.2-stable and it'll be on main later.

-Andy


More information about the Libwebsockets mailing list