1 (edited by rkumar 2022-02-19 08:07:34)

Topic: wolfSSL Leaving SSL_get_error, return -343

We are using OpenSIPS Core 3.2.2 with wolfSSL version 4.7.1. We are seeing a lot of abnormal TLS connection terminations with the following error from wolfSSL: "wolfSSL Leaving SSL_get_error, return -343". We are not observing this when using OpenSSL.

As per the wolfSSL code:

    ZERO_RETURN                  = -343,   /* peer sent close notify */

What exactly is this error, and how do we prevent it from occurring? Please suggest.


The following are the logs I am seeing

:: [LOG LEVEL : 0] <LOG MESSAGE : wolfSSL error occurred, error = 0 line:15386 file:src/internal.c>
Feb 19 02:42:04 prod-vm-150 /home/wsadmin/tlswsproxy-wolfssl/sbin/tlswsproxy[2389848]: INFO:tls_wolfssl:WolfLoggingCallback: WOLFSSL LIB :: [LOG LEVEL : 0] <LOG MESSAGE : wolfSSL error occurred, error = 343 line:18657 file:src/internal.c>
Feb 19 02:42:04 prod-vm-150 /home/wsadmin/tlswsproxy-wolfssl/sbin/tlswsproxy[2389848]: INFO:tls_wolfssl:WolfLoggingCallback: WOLFSSL LIB :: [LOG LEVEL : 1] <LOG MESSAGE : Zero return, no more data coming>
Feb 19 02:42:04 prod-vm-150 /home/wsadmin/tlswsproxy-wolfssl/sbin/tlswsproxy[2389848]: INFO:tls_wolfssl:WolfLoggingCallback: WOLFSSL LIB :: [LOG LEVEL : 1] <LOG MESSAGE : Notifying write side of fatal read error>
Feb 19 02:42:04 prod-vm-150 /home/wsadmin/tlswsproxy-wolfssl/sbin/tlswsproxy[2389848]: INFO:tls_wolfssl:WolfLoggingCallback: WOLFSSL LIB :: [LOG LEVEL : 2] <LOG MESSAGE : wolfSSL Entering NotifyWriteSide>
Feb 19 02:42:04 prod-vm-150 /home/wsadmin/tlswsproxy-wolfssl/sbin/tlswsproxy[2389848]: INFO:tls_wolfssl:WolfLoggingCallback: WOLFSSL LIB :: [LOG LEVEL : 3] <LOG MESSAGE : wolfSSL Leaving wolfSSL_read_internal(), return 0>
Feb 19 02:42:04 prod-vm-150 /home/wsadmin/tlswsproxy-wolfssl/sbin/tlswsproxy[2389848]: INFO:tls_wolfssl:WolfLoggingCallback: WOLFSSL LIB :: [LOG LEVEL : 2] <LOG MESSAGE : wolfSSL Entering SSL_get_error>
Feb 19 02:42:04 prod-vm-150 /home/wsadmin/tlswsproxy-wolfssl/sbin/tlswsproxy[2389848]: INFO:tls_wolfssl:WolfLoggingCallback: WOLFSSL LIB :: [LOG LEVEL : 3] <LOG MESSAGE : wolfSSL Leaving SSL_get_error, return -343>
Feb 19 02:42:04 prod-vm-150 /home/wsadmin/tlswsproxy-wolfssl/sbin/tlswsproxy[2389848]: INFO:tls_wolfssl:_wolfssl_read: TLS connection to 12.246.74.190:19189 closed cleanly
Feb 19 02:42:04 prod-vm-150 /home/wsadmin/tlswsproxy-wolfssl/sbin/tlswsproxy[2389848]: INFO:core:tcp_trigger_report: Connection is getting release because of [EOF received]


wolfSSL code snippet where we are getting the error:

    while (ssl->buffers.clearOutputBuffer.length == 0) {
        if ( (ssl->error = ProcessReply(ssl)) < 0) {
            WOLFSSL_ERROR(ssl->error);
            if (ssl->error == ZERO_RETURN) {
                WOLFSSL_MSG("Zero return, no more data coming");  /* <-- returning from here */
                return 0; /* no more data coming */
            }
            if (ssl->error == SOCKET_ERROR_E) {
                if (ssl->options.connReset || ssl->options.isClosed) {
                    WOLFSSL_MSG("Peer reset or closed, connection done");
                    ssl->error = SOCKET_PEER_CLOSED_E;
                    WOLFSSL_ERROR(ssl->error);
                    return 0; /* peer reset or closed */
                }
            }
            return ssl->error;
        }


Re: wolfSSL Leaving SSL_get_error, return -343

Hi rkumar,

Please upgrade to the latest wolfSSL, 5.2.0 and let me know if you still have any issues.

Thanks,
Kareem


Re: wolfSSL Leaving SSL_get_error, return -343

As suggested, we have tested on wolfSSL 5.2.0 and observed the same issue of abnormal TLS terminations saying close notify. The following are the logs. Could you please verify and update?

:: [LOG LEVEL : 2] <LOG MESSAGE : wolfSSL Entering ReceiveData()>
Feb 26 03:12:24 prod-vm-150 /home/wsadmin/tlswsproxy-wolfssl/sbin/tlswsproxy[21880]: INFO:tls_wolfssl:WolfLoggingCallback: WOLFSSL LIB :: [LOG LEVEL : 1] <LOG MESSAGE : growing input buffer>
Feb 26 03:12:24 prod-vm-150 /home/wsadmin/tlswsproxy-wolfssl/sbin/tlswsproxy[21880]: INFO:tls_wolfssl:WolfLoggingCallback: WOLFSSL LIB :: [LOG LEVEL : 1] <LOG MESSAGE : received record layer msg>
Feb 26 03:12:24 prod-vm-150 /home/wsadmin/tlswsproxy-wolfssl/sbin/tlswsproxy[21880]: INFO:tls_wolfssl:WolfLoggingCallback: WOLFSSL LIB :: [LOG LEVEL : 1] <LOG MESSAGE : got ALERT!>
Feb 26 03:12:24 prod-vm-150 /home/wsadmin/tlswsproxy-wolfssl/sbin/tlswsproxy[21880]: INFO:tls_wolfssl:WolfLoggingCallback: WOLFSSL LIB :: [LOG LEVEL : 1] <LOG MESSAGE : Alert type: close_notify>
Feb 26 03:12:24 prod-vm-150 /home/wsadmin/tlswsproxy-wolfssl/sbin/tlswsproxy[21880]: INFO:tls_wolfssl:WolfLoggingCallback: WOLFSSL LIB :: [LOG LEVEL : 0] <LOG MESSAGE : wolfSSL error occurred, error = 0 line:16598 file:src/internal.c>
Feb 26 03:12:24 prod-vm-150 /home/wsadmin/tlswsproxy-wolfssl/sbin/tlswsproxy[21880]: INFO:tls_wolfssl:WolfLoggingCallback: WOLFSSL LIB :: [LOG LEVEL : 0] <LOG MESSAGE : wolfSSL error occurred, error = 343 line:19966 file:src/internal.c>
Feb 26 03:12:24 prod-vm-150 /home/wsadmin/tlswsproxy-wolfssl/sbin/tlswsproxy[21880]: INFO:tls_wolfssl:WolfLoggingCallback: WOLFSSL LIB :: [LOG LEVEL : 1] <LOG MESSAGE : Zero return, no more data coming>
Feb 26 03:12:24 prod-vm-150 /home/wsadmin/tlswsproxy-wolfssl/sbin/tlswsproxy[21880]: INFO:tls_wolfssl:WolfLoggingCallback: WOLFSSL LIB :: [LOG LEVEL : 1] <LOG MESSAGE : Notifying write side of fatal read error>
Feb 26 03:12:24 prod-vm-150 /home/wsadmin/tlswsproxy-wolfssl/sbin/tlswsproxy[21880]: INFO:tls_wolfssl:WolfLoggingCallback: WOLFSSL LIB :: [LOG LEVEL : 2] <LOG MESSAGE : wolfSSL Entering NotifyWriteSide>
Feb 26 03:12:24 prod-vm-150 /home/wsadmin/tlswsproxy-wolfssl/sbin/tlswsproxy[21880]: INFO:tls_wolfssl:WolfLoggingCallback: WOLFSSL LIB :: [LOG LEVEL : 3] <LOG MESSAGE : wolfSSL Leaving wolfSSL_read_internal(), return 0>
Feb 26 03:12:24 prod-vm-150 /home/wsadmin/tlswsproxy-wolfssl/sbin/tlswsproxy[21880]: INFO:tls_wolfssl:WolfLoggingCallback: WOLFSSL LIB :: [LOG LEVEL : 2] <LOG MESSAGE : wolfSSL Entering SSL_get_error>
Feb 26 03:12:24 prod-vm-150 /home/wsadmin/tlswsproxy-wolfssl/sbin/tlswsproxy[21880]: INFO:tls_wolfssl:WolfLoggingCallback: WOLFSSL LIB :: [LOG LEVEL : 3] <LOG MESSAGE : wolfSSL Leaving SSL_get_error, return -343>
Feb 26 03:12:24 prod-vm-150 /home/wsadmin/tlswsproxy-wolfssl/sbin/tlswsproxy[21880]: INFO:tls_wolfssl:_wolfssl_read: TLS connection to 12.215.193.11:5075 closed cleanly
Feb 26 03:12:24 prod-vm-150 /home/wsadmin/tlswsproxy-wolfssl/sbin/tlswsproxy[21880]: INFO:core:tcp_trigger_report: Connection is getting release because of [EOF received]


Re: wolfSSL Leaving SSL_get_error, return -343

This is an informative error and it indicates that the peer has closed the connection and no more data will be expected.

I would suggest opening a support ticket by emailing support@wolfssl.com
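
An added example, not part of the thread and not wolfSSL or OpenSIPS code: a small triage over debug logs like the ones posted above. It separates teardowns preceded by the peer's close_notify (the ZERO_RETURN / -343 case) from EOFs that arrive with no close_notify, which are the ones worth investigating as possible truncation or resets. The sample lines are constructed (shortened prefix, documentation IP addresses), and the code assumes the lines come from a single worker PID.

```c
#include <stdio.h>
#include <string.h>

struct summary { int clean; int unclean; char last_clean_peer[64]; };

/* Constructed sample shaped like the thread's log lines (not real data). */
static const char *SAMPLE[] = {
    "tlswsproxy[100]: WOLFSSL LIB :: [LOG LEVEL : 1] <LOG MESSAGE : Alert type: close_notify>",
    "tlswsproxy[100]: WOLFSSL LIB :: [LOG LEVEL : 1] <LOG MESSAGE : Zero return, no more data coming>",
    "tlswsproxy[100]: INFO:tls_wolfssl:_wolfssl_read: TLS connection to 192.0.2.10:5075 closed cleanly",
    "tlswsproxy[100]: INFO:core:tcp_trigger_report: Connection is getting release because of [EOF received]",
    "tlswsproxy[100]: WOLFSSL LIB :: [LOG LEVEL : 1] <LOG MESSAGE : Peer reset or closed, connection done>",
    "tlswsproxy[100]: INFO:core:tcp_trigger_report: Connection is getting release because of [EOF received]",
};
#define SAMPLE_N (sizeof SAMPLE / sizeof SAMPLE[0])

/* Walk the lines in order. Each tcp_trigger_report line ends one connection;
 * it counts as clean only if a close_notify marker was seen since the
 * previous teardown. */
struct summary triage(const char *const *lines, size_t n)
{
    static const char PEER_TAG[] = "TLS connection to ";
    struct summary s = { 0, 0, "" };
    int saw_close_notify = 0;

    for (size_t i = 0; i < n; i++) {
        const char *l = lines[i], *p;
        if (strstr(l, "Alert type: close_notify") ||
            strstr(l, "Zero return, no more data coming") ||
            strstr(l, "SSL_get_error, return -343"))
            saw_close_notify = 1;
        if ((p = strstr(l, PEER_TAG)) != NULL && strstr(l, "closed cleanly"))
            sscanf(p + strlen(PEER_TAG), "%63s", s.last_clean_peer);
        if (strstr(l, "tcp_trigger_report:")) {
            if (saw_close_notify) s.clean++; else s.unclean++;
            saw_close_notify = 0;   /* reset state for the next connection */
        }
    }
    return s;
}

int main(void)
{
    struct summary s = triage(SAMPLE, SAMPLE_N);
    printf("clean=%d unclean=%d last clean peer=%s\n",
           s.clean, s.unclean, s.last_clean_peer);
    return 0;
}
```

On a multi-process proxy, filter the log by the PID in brackets before feeding it in, since interleaved workers would mix the per-connection state.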