Topic: connect to amazon sqs service with port 443 ( ssl/tls )

Hello,

I am trying to establish an SSL/TLS socket connection to https://queue.amazonaws.com and the SSL/TLS handshake process gives me the error WANT_READ and the process never finishes.

I have tested with other servers ( google.com, etc ) and the process goes well.

Does anyone know what the problem is?

Re: connect to amazon sqs service with port 443 ( ssl/tls )

Hi Jordi,

A return of WANT_READ means that wolfSSL needs to read additional data in order to progress the SSL/TLS state machine, but the underlying I/O doesn't have any data at the moment.  You'll need to loop on the SSL_read/write/connect/accept function and call it again when the underlying I/O is ready.

- Chris
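
The retry pattern described in the reply above, as an added example (not code from this thread or from wolfSSL): wait in `poll()` for the direction the handshake asked for, call the step again, and stop at a deadline. `fake_step` is a constructed stand-in for `CyaSSL_connect` plus `CyaSSL_get_error`; `drive_handshake`, `demo` and the `HS_*` names are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Step results: stand-ins for SSL_SUCCESS, SSL_ERROR_WANT_READ/WANT_WRITE, any other error. */
enum hs { HS_DONE, HS_WANT_READ, HS_WANT_WRITE, HS_FATAL, HS_TIMEOUT };

/* Re-call step() only when the socket is ready (or poll() was interrupted); stop after timeout_ms. */
enum hs drive_handshake(int fd, enum hs (*step)(int, void *), void *state, int timeout_ms) {
    struct timespec t0, t;
    clock_gettime(CLOCK_MONOTONIC, &t0);
    for (;;) {
        enum hs r = step(fd, state);
        if (r != HS_WANT_READ && r != HS_WANT_WRITE) return r;
        clock_gettime(CLOCK_MONOTONIC, &t);
        long left = timeout_ms - ((t.tv_sec - t0.tv_sec) * 1000L + (t.tv_nsec - t0.tv_nsec) / 1000000L);
        struct pollfd p = { .fd = fd, .events = (r == HS_WANT_READ) ? POLLIN : POLLOUT };
        if (left <= 0 || poll(&p, 1, (int)left) == 0) return HS_TIMEOUT;
    }
}

/* Constructed stand-in for the TLS library: finished once *need bytes have been read. */
enum hs fake_step(int fd, void *state) {
    size_t *need = state;
    for (char c; *need > 0; ) {
        ssize_t n = recv(fd, &c, 1, 0);
        if (n == 1) (*need)--;
        else if (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) return HS_WANT_READ;
        else if (n == 0 || errno != EINTR) return HS_FATAL; /* peer closed or hard error */
    }
    return HS_DONE;
}

/* Constructed peer: a child process sends `sent` bytes 50 ms after the handshake starts. */
enum hs demo(size_t need, size_t sent, int timeout_ms) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return HS_FATAL;
    fcntl(sv[0], F_SETFL, O_NONBLOCK);           /* non-blocking, as in the thread */
    pid_t pid = fork();
    if (pid == 0) { poll(NULL, 0, 50); while (sent--) send(sv[1], "x", 1, 0); _exit(0); }
    enum hs r = drive_handshake(sv[0], fake_step, &need, timeout_ms);
    close(sv[0]); close(sv[1]);
    if (pid > 0) waitpid(pid, NULL, 0);
    return r;
}
```

When the peer never delivers the bytes the step is waiting for, the loop ends in `HS_TIMEOUT`, which is the symptom reported in the first post.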

Re: connect to amazon sqs service with port 443 ( ssl/tls )

Hi Chris,

the source code that is giving me the problem is the following:

            result = CyaSSL_connect(AmazonSqsService.sslInfo.ssl);

            if (result != SSL_SUCCESS) {

                error = CyaSSL_get_error(AmazonSqsService.sslInfo.ssl, 0);

                if( (error == SSL_ERROR_WANT_READ) || (error == SSL_ERROR_WANT_WRITE) ) {
                    return; // Client would read or write block, this is fine
                } else {
                    SYS_CONSOLE_MESSAGE((const char*)"error : CyaSSL_connect");
                    break;
                }
            }

I am executing this code continuously until a timeout of 60 seconds expires.

I think that the "CyaSSL_connect" function has to take into account all the things that you commented.

And the same process goes well with other https servers ( google.com for example ).

So, what is the thing that I am missing?

Re: connect to amazon sqs service with port 443 ( ssl/tls )

Hi Jordi,

It looks like the wolfSSL example client is able to connect to https://queue.amazonaws.com when I try in non-blocking mode (see below).  I also noticed that the server mentioned will only accept connections using TLS 1.0.

$ cd wolfssl-3.4.6
$ ./configure
$ make
$ ./examples/client/client -h queue.amazonaws.com -p 443 -v 1 -d -N
... client would read block
... client would read block
... client would read block
... client would read block
... client would read block
SSL version is TLSv1
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

Are you sure you have your I/O layer set up correctly?

Best Regards,
Chris