Topic: error -308 with libcurl application after a few minutes delay

Hello,

The problem today is that wolfSSL stops communicating with the server after 10-20 minutes of success.

My application is using libcurl and I am using the 7.44.0 version of that library.
I am using a version of wolfSSL checked out yesterday morning (edc9a24).

With debug tracing on, I have tracked the error down to somewhere near the following sequence, which repeats for every failed request until the program is restarted.

wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL Entering SSL_set_session
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return 0
wolfSSL Entering ERR_error_string
wolfSSL Entering SSL_shutdown()
growing output buffer

Embed Send error
    General error
wolfSSL error occured, error = -308
wolfSSL Entering SSL_free
CTX ref count not 0 yet, no free
Shrinking output buffer

wolfSSL Entering BIO_free
wolfSSL Leaving SSL_free, return 0
wolfSSL Entering SSL_CTX_free
CTX ref count down to 0, doing full free
wolfSSL Entering wolfSSL_CertManagerFree
wolfSSL Leaving SSL_CTX_free, return 0

-308 is SOCKET_ERROR_E "error state on socket". Not sure what is causing this. The server side is stable, has hundreds of clients online for months at a time with a different TLS library. wolfSSL is new to me as is the libcurl glue, but libcurl only gives me "SSL connect error" (35) so I'm not sure if it would be productive to troubleshoot from that end.

Clues or suggestions would be much appreciated.


Re: error -308 with libcurl application after a few minutes delay

Hi csg,

In your debug log, it seems odd that SSL_shutdown() is being called right after SSL_new().  SSL_new() creates a new SSL session, which is then usually followed by SSL_connect() or SSL_read/SSL_write().

My guess is that since the application just created a new SSL session, but hasn't yet established that connection with a peer, SSL_shutdown() is failing to send its CloseNotify Alert, giving you an Embed Send error.

Best Regards,
Chris

Re: error -308 with libcurl application after a few minutes delay

It looks to me as if there's a problem with the way libcurl is interacting with wolfSSL.

If libcurl has a cached session, it will try to call its SSL_set_session function. For the cyassl backend, this can fail if wolfSSL's SetSession determines that the session has timed out (wolfssl/src/ssl.c, line 6333).

When the backend (wolfSSL in this case) returns an error, curl gives up on that connection.

Still not sure why a connection is not reestablished after the error. It's up to the TLS library to decide when the session expires.


Re: error -308 with libcurl application after a few minutes delay

I resolved this for now by patching libcurl to ignore a 0 result from SSL_set_session. Seems to work fine so far.

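An added example, not part of any post in this thread and not libcurl or wolfSSL code: a simplified C model of the resumption failure described above, comparing a client that treats a failed set-session call as fatal with one that ignores the failure and performs a full handshake. All names, the 500-second timeout and the request times are constructed, and the stale session staying in the cache after a failure is an assumption of the model.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified model with hypothetical names; not libcurl or wolfSSL code. */
typedef struct { long born; long timeout; int valid; } Session;
typedef struct { const Session *resume; } Conn;

enum { CONNECT_FAILED = 0, RESUMED = 1, FULL_HANDSHAKE = 2 };

/* Mirrors the behaviour described in the thread: a timed-out session is
 * refused and the call reports failure (0) instead of success (1). */
static int model_set_session(Conn *c, const Session *s, long now) {
    if (!s->valid || now >= s->born + s->timeout)
        return 0;
    c->resume = s;
    return 1;
}

/* One connection attempt at time `now`.
 * strict != 0: a set-session failure aborts the connection attempt.
 * strict == 0: the failure is ignored and a full handshake is done. */
static int model_connect(Session *cache, long now, int strict) {
    Conn c = { NULL };
    if (cache->valid && !model_set_session(&c, cache, now)) {
        if (strict)
            return CONNECT_FAILED; /* assumption: stale entry stays cached */
    }
    if (c.resume)
        return RESUMED;
    cache->born = now;             /* full handshake yields a fresh session */
    cache->valid = 1;
    return FULL_HANDSHAKE;
}

int main(void) {
    Session strict_cache = {0, 500, 0}, tolerant_cache = {0, 500, 0};
    long times[] = {0, 300, 600, 900}; /* constructed request times (s) */
    for (size_t i = 0; i < 4; i++)
        printf("t=%ld strict=%d tolerant=%d\n", times[i],
               model_connect(&strict_cache, times[i], 1),
               model_connect(&tolerant_cache, times[i], 0));
    return 0;
}
```

In the strict case every request after the timeout fails until the cache is discarded, which matches the symptom of failures persisting until restart; in the tolerant case the expired session only costs one full handshake.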