<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<style type="text/css" style="display:none"><!-- p { margin-top: 0px; margin-bottom: 0px; }--></style>
</head>
<body dir="ltr" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:'Courier New',monospace;">
<p>Just an update on this issue.<br>
</p>
<p>My colleague Ross Lagerwall found that this was caused by server side not sending ssl alert before closing ssl connection.<br>
</p>
<p><br>
</p>
<p>A further debug shows that on server side, since "TIMEOUTclose" was configured as 0, "s_poll_wait" in "transfer" function in "src/client.c" returned as timeout immediately. This made "transfer" return without sending ssl alert to client even the "shutdown_wants_write"
was 1.<br>
</p>
<p><br>
</p>
<div dir="ltr" style="font-size:12pt; color:#000000; background-color:#FFFFFF; font-family:'Courier New',monospace">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> Ming Lu<br>
<b>Sent:</b> Friday, December 13, 2019 17:48<br>
<b>To:</b> stunnel-users@stunnel.org<br>
<b>Cc:</b> Ming Lu<br>
<b>Subject:</b> Stunnel-5.55 client close TLS socket before it could read more bytes</font>
<div> </div>
</div>
<div>
<p>Hello,<br>
</p>
<p><br>
</p>
<p>May I please have help on this issue? Thanks in advance!<br>
</p>
<p><br>
</p>
<p>I had a stunnel server and client communicating with TLSv1.2 (both of them are stunnel 5.55 and OpenSSL-1.1.1d) on CentOS 7 based Linux (kernel was updated as 4.19.0). The case is that client sends a HTTP request to server, and then server responds a payload
with more than 640KB size. Normally, the server will close the connection by sending an alert firstly.<br>
</p>
<p><br>
</p>
<p>The issue is that sometimes (not 100% reproducible), stunnel client reported: <span style="font-size:12pt">"TL</span><span style="font-size:12pt">S socket closed (read hangup)". </span><span style="font-size:12pt">and then closed the TLS socket. So I could
find an alert sent from client to server firstly from tcpdump. Consequently, this caused the application reported "unexpected end of input" as there should be more data to be received.</span></p>
<p><br>
</p>
<p>I added a few debug logic and I indeed found that: <span style="font-size:12pt">there were occurrences that if stunnel client did not close the TLS socket, it could read more data from TLS socket in next poll loop:</span></p>
<p><br>
</p>
<p>--------------------<br>
</p>
<div>03:59:46 localhost stunnel: LOG6[0]: MingL: POLLRDHUP: 8192 <br>
</div>
<div>03:59:46 localhost stunnel: LOG6[0]: MingL: ioctlsocket: 0 <br>
</div>
<div>03:59:46 localhost stunnel: LOG6[0]: MingL: bytes: 0 <== client didn't close the sock in my debug version.<br>
</div>
<div>03:59:46 localhost stunnel: LOG6[0]: MingL: after checking <br>
</div>
<div>03:59:46 localhost stunnel: LOG6[0]: MingL: s_poll_wait: return 1 <br>
</div>
<div>03:59:46 localhost stunnel: LOG6[0]: MingL: sock_can_rd: n <br>
</div>
<div>03:59:46 localhost stunnel: LOG6[0]: MingL: sock_can_wr: Y <br>
</div>
<div>03:59:46 localhost stunnel: LOG6[0]: MingL: ssl_can_rd: n </div>
<div>03:59:46 localhost stunnel: LOG6[0]: MingL: ssl_can_wr: n <br>
</div>
<div>03:59:46 localhost stunnel: LOG6[0]: MingL: pending: 1 <br>
</div>
<div>03:59:46 localhost stunnel: LOG6[0]: MingL: write to sock 18432 <br>
</div>
<div>03:59:46 localhost stunnel: LOG6[0]: MingL: read_wants_read Y </div>
<div>03:59:46 localhost stunnel: LOG6[0]: MingL: write_wants_writen <br>
</div>
<div>03:59:46 localhost stunnel: LOG6[0]: MingL: read from TLS 10168 <== then I observed the further read from TLS.<br>
</div>
<div><span style="font-family:"Courier New",monospace; font-size:16px; background-color:rgb(255,255,255)">--------------------</span><br>
</div>
<div><span style="font-family:"Courier New",monospace; font-size:16px; background-color:rgb(255,255,255)"><br>
</span></div>
<div><br>
</div>
<div>Any help will be appreciated!<br>
</div>
<div><br>
</div>
<div>Ming<br>
</div>
<p><br>
</p>
</div>
</div>
</body>
</html>