OpenSSL SSL_read() returns 0 and SSL_get_error() returns 6, what can I do to fix this?

Time:01-08

I'm receiving data via an SSL connection and after several minutes SSL_read() returns 0 (I'm using a blocking socket, so it shouldn't return 0) and then SSL_get_error() returns 6. However, I cannot find what 6 means and what I need to do to fix this.

It's happening multiple times; each time it occurs several minutes after I establish the connection.

As I'm only streaming data, there's not much I can be doing wrong.

Any advice on how to log additional information on SSL problems?

CodePudding user response:

However, I cannot find what 6 means

The relevant defines are in ssl.h:

$ grep  SSL_ERROR_ /usr/include/openssl/ssl.h 
# define SSL_ERROR_NONE                  0
...
# define SSL_ERROR_ZERO_RETURN           6
...

From the documentation on this error:

SSL_ERROR_ZERO_RETURN
The TLS/SSL peer has closed the connection for writing by sending the close_notify alert. No more data can be read. Note that SSL_ERROR_ZERO_RETURN does not necessarily indicate that the underlying transport has been closed.

In other words: the peer did a shutdown of the TLS session. So this is not actually an SSL problem, since the peer behaves how it is supposed to when closing the SSL session.

what I need to do to fix this?

It is unknown why the peer closes the connection, but it is unlikely to have anything to do with SSL.

Unfortunately there is nothing known about the peer or the application protocol you are using. So it is unclear how the peer should behave in the first place, i.e. if what you see is normal behavior and your expectations are wrong or if there is some problem at the peer.

So the first step for fixing would be to understand what application protocol is used here and if what you see might even be the expected behavior. If this is not the case, check any log files on the peer side or analyze the source code of the peer for bugs.

If you expect more help from the community please provide enough context about application protocol and the peer, so that ideally others can reproduce and thus debug what you see.
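
An added example, not part of the original answer: a decision function for the result of SSL_read() that separates the orderly close described above from a bare EOF and from real TLS errors. The names `classify_read`, `read_verdict` and `bytes_missing` are hypothetical, and the error constants are copied from ssl.h so that the block builds without the OpenSSL headers.

```c
#include <stddef.h>
#include <stdio.h>
/* Values mirror <openssl/ssl.h>; defined here only so the example builds
 * without the OpenSSL headers. Real code includes the header instead. */
#ifndef SSL_ERROR_NONE
#define SSL_ERROR_NONE        0
#define SSL_ERROR_SSL         1
#define SSL_ERROR_WANT_READ   2
#define SSL_ERROR_WANT_WRITE  3
#define SSL_ERROR_SYSCALL     5
#define SSL_ERROR_ZERO_RETURN 6
#endif

/* Hypothetical verdicts for this example, not OpenSSL names. */
enum read_verdict { RV_DATA, RV_RETRY, RV_CLEAN_CLOSE, RV_EARLY_CLOSE,
                    RV_TRUNCATED, RV_FATAL };

static const char *const verdict_text[] = {
    "data", "retry SSL_read()", "peer closed at a message boundary",
    "peer sent close_notify mid-message: check the peer's logs",
    "EOF without close_notify: stream may be truncated",
    "fatal: dump the error queue with ERR_print_errors_fp(stderr)" };

/* ret: SSL_read() result; ssl_err: SSL_get_error(ssl, ret); sys_errno: errno
 * saved right after SSL_read(); bytes_missing: bytes the application protocol
 * still expects (assumed tracked by the caller; 0 = message boundary). */
enum read_verdict classify_read(int ret, int ssl_err, int sys_errno,
                                size_t bytes_missing)
{
    if (ret > 0 && ssl_err == SSL_ERROR_NONE)
        return RV_DATA;
    switch (ssl_err) {
    case SSL_ERROR_WANT_READ:
    case SSL_ERROR_WANT_WRITE:
        return RV_RETRY;
    case SSL_ERROR_ZERO_RETURN: /* orderly TLS shutdown by the peer */
        return bytes_missing ? RV_EARLY_CLOSE : RV_CLEAN_CLOSE;
    case SSL_ERROR_SYSCALL:     /* errno 0 here means a bare EOF */
        return sys_errno == 0 ? RV_TRUNCATED : RV_FATAL;
    default:                    /* SSL_ERROR_SSL and anything else */
        return RV_FATAL;
    }
}

int main(void)
{
    /* The case from the question: SSL_read() == 0, SSL_get_error() == 6. */
    puts(verdict_text[classify_read(0, SSL_ERROR_ZERO_RETURN, 0, 0)]);
    return 0;
}
```

OpenSSL 3.x reports an EOF without close_notify as SSL_ERROR_SSL by default, so there the truncated case lands in the fatal branch and shows up in the error queue.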
