EldoS | Feel safer!

SSL session cannot be established - sometimes

#2461
Posted: 03/08/2007 03:45:35
by Matthias Hanft (Basic support level)
Joined: 04/28/2006
Posts: 15

Hello,

I'm running a Delphi (7prof) TIdHTTPServer with SBB's Indy IOHandler (version October 2006). Since it's very important that this server runs 24/7, I installed a shell script on a remote Linux computer (using curl) which does an HTTPS request every five minutes. If something goes wrong, that script will send me an error message by e-mail and SMS.

So, there are 288 requests per day, and about 2-3 of them fail each day with curl error 35 "SSL connect error. The SSL handshaking failed." The next request immediately after that, however, works fine again.

(It's the website at https://wddx.hanft.de/ktopruef?un=demo&pw=demo&blz=89999999&kto=1234, if you want to try it yourself.)

How could I debug this problem? Which approach should I take?

Thank you,

Matthias
#2462
Posted: 03/08/2007 04:01:06
by Eugene Mayevski (EldoS Corp.)

You can use the OnError event on the server to see if any SSL error happens.
In general, who said the connection must be established *always*? TCP doesn't guarantee this. In case of network failures (which are common these days) or timeouts you get such a result.


Sincerely yours
Eugene Mayevski
#2463
Posted: 03/08/2007 04:09:14
by Eugene Mayevski (EldoS Corp.)

I've checked the curl source code and found out that the error is returned by the (gtls.c) handshake() function if *anything* goes wrong. So this is likely a network error.


Sincerely yours
Eugene Mayevski
#2464
Posted: 03/08/2007 04:19:45
by Matthias Hanft (Basic support level)
Joined: 04/28/2006
Posts: 15

Thank you for your quick reply. I'll try the OnError event and see what happens... (you're talking about the TIdHTTPServer.OnError event, right? Are there any error events included in SBB? Couldn't find any).

Surely TCP is not "guaranteed", but a network failure would be a bit odd since the two computers stand side-by-side and are connected by the same LAN switch.

(I run an HTTP server (without SSL) on the same machine, too, and never get any error message from that. So I think the TCP connection is not the problem - just the initial handshake seems to go wrong somehow.)

Matthias
#2465
Posted: 03/08/2007 06:09:26
by Eugene Mayevski (EldoS Corp.)

Quote
Matthias Hanft wrote:
Thank you for your quick reply. I'll try the OnError event and see what happens... (you're talking about the TIdHTTPServer.OnError event, right? Are there any error events included in SBB? Couldn't find any).


No, I am talking about the OnError event of the IOHandler. You can find it if you look at the source code. Since I don't know what version of Indy you are using, I can't say.

Quote
Matthias Hanft wrote:
Surely TCP is not "guaranteed", but a network failure would be a bit odd since the two computers stand side-by-side and are connected by the same LAN switch.


This is not always so. I saw network failures with various network cards due to problems with drivers.

Quote
Matthias Hanft wrote:
So I think the TCP connection is not the problem - just the initial handshake seems to go wrong somehow


You can take curl and patch it to return more meaningful error messages.


Sincerely yours
Eugene Mayevski
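
Added example, not part of the original thread or of any poster's script: a wrapper for the five-minute curl check discussed above that logs curl's exit code together with its `time_connect` and `time_appconnect` timings, so an error 35 can be placed after a completed TCP connect or not. The function names, the `PROBE_LOG` variable and the verdict labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: tell a TLS handshake failure apart from a TCP connect failure.
# PROBE_LOG and all function names are assumptions made for this example.
# %{time_appconnect} needs curl 7.19.0 or later.

# True when $1 is a decimal number greater than zero (POSIX sh has no floats).
is_positive() { awk -v t="$1" 'BEGIN { exit !(t + 0 > 0) }'; }

# classify_probe RC TIME_CONNECT TIME_APPCONNECT
#   RC: curl exit code (7 = connect failed, 28 = timeout, 35 = SSL connect error)
#   TIME_CONNECT / TIME_APPCONNECT: curl -w timings in seconds; 0 means the
#   TCP connect / TLS handshake never completed.
classify_probe() {
    rc=$1; tcp=$2; tls=$3
    case "$rc" in
        0)  echo ok ;;
        7)  echo tcp-connect-failed ;;
        28) if ! is_positive "$tcp"; then echo timeout-before-tcp
            elif ! is_positive "$tls"; then echo timeout-during-handshake
            else echo timeout-after-handshake; fi ;;
        35) if is_positive "$tcp"; then echo handshake-failed-after-tcp
            else echo handshake-failed-no-tcp-timing; fi ;;
        *)  echo "other-curl-error-$rc" ;;
    esac
}

# probe URL: run one check and append a single line to $PROBE_LOG.
probe() {
    url=$1
    # The -w timings are written even when the transfer fails.
    out=$(curl -s -o /dev/null --max-time 20 \
          -w '%{time_connect} %{time_appconnect}' "$url" 2>/dev/null) && rc=0 || rc=$?
    set -- $out
    verdict=$(classify_probe "$rc" "${1:-0}" "${2:-0}")
    printf '%s rc=%s tcp=%s tls=%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "$rc" "${1:-0}" "${2:-0}" "$verdict" >>"${PROBE_LOG:-probe.log}"
    [ "$rc" -eq 0 ]
}

# Run only when a URL is given, e.g. from cron: sh probe.sh https://host/path
if [ "$#" -gt 0 ]; then probe "$1"; fi
```

A log of `handshake-failed-after-tcp` lines with a non-zero `tcp=` value shows the socket was connected before the failure, which can then be matched by timestamp against whatever the server side logged.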