If a call to SSL_accept fails, I want to just bail out.

Currently I'm calling SSL_shutdown and then SSL_free, but since implementing this, two customers have had crashes deep down in OpenSSL (when calling SSL_accept at a later time), so I'm guessing maybe this isn't the best way to clean up.

The docs say SSL_shutdown is used to correctly clean up, and it might need to be called twice (although if SSL_accept failed, I wouldn't think that would be the case). SSL_clear is another option, but it seems like more of a connection reset.

SSL_free decrements a reference count and deletes the connection if the reference count hits 0. I know my code doesn't have any references, but the 'session' might?

Is there a definitive way for completely closing/shutting down/freeing an SSL object with OpenSSL?

+1  A: 

Once you've called SSL_free() on the SSL object, you shouldn't use it again. You need to ensure that a new SSL is created with SSL_new() for the subsequent SSL_accept().

caf
I'm definitely not reusing the SSL* after calling SSL_free. So once I call SSL_free(), that's all I have to do to clean it up? No matter what errors or connections happened previously?
DougN
@DougN: Correct. Note that `SSL_free()` also frees the underlying BIOs - could that be the source of your problem?
caf
@caf: I'm 99% sure that the BIOs are _not_ freed. As far as I know, it's just SSL_shutdown and then SSL_free. Then nothing is touched again. Guess I'm doing it right (but will double check the BIOs) -- hopefully the crashes are just coincidence... Thanks for the help.
DougN