Deenaadayalan

Summary

Fixes issue #3226 where connections close immediately after TLS handshake when using WolfSSL or OpenSSL with Mongoose's built-in TCP/IP stack (MIP).

Problem

  • TLS handshake completes successfully
  • Connection closes immediately after handshake
  • No application data is transferred
  • HTTP requests never receive responses

Root Cause

SSL may read and buffer multiple TLS records internally during handshake or read operations. Mongoose was not checking SSL_pending() to detect this buffered data, causing the event loop to think the connection was idle and close it prematurely.

Solution

Added mg_tls_pending() checks at two critical points:

  1. After successful handshake (mg_tls_handshake): Check if SSL buffered application data during handshake and set c->is_readable to signal the event loop
  2. After successful read (mg_tls_recv): Check if more data remains buffered after SSL_read() and keep c->is_readable set to continue processing

This ensures the event loop continues processing buffered SSL data even when the underlying socket has no new data available.

Impact

  • Affects both WolfSSL and OpenSSL implementations (both use src/tls_openssl.c)
  • Resolves connection closure issues with built-in TCP stack
  • No changes to API or behavior for standard TCP stack usage

Testing

  • Code compiles successfully with GCC
  • Changes follow existing patterns in codebase
  • Uses existing mg_tls_pending() helper function
  • GitHub Actions will run full test suite

Files Changed

  • src/tls_openssl.c: Added SSL_pending() checks (+10 lines)

Problem: Connections close immediately after TLS handshake when using
WolfSSL/OpenSSL with built-in TCP stack (MIP). Handshake completes
successfully but no application data is transferred.

Root cause: SSL may buffer multiple TLS records internally during
handshake or read operations. Mongoose was not checking SSL_pending()
to detect this buffered data, causing the connection to appear idle
and close prematurely.

Solution:
1. In mg_tls_handshake(): After successful handshake, check
   mg_tls_pending() and set c->is_readable if buffered data exists
2. In mg_tls_recv(): After successful SSL_read(), check
   mg_tls_pending() and keep c->is_readable set if more data remains

This ensures the event loop continues processing buffered SSL data
even when the underlying socket has no new data available.

Affects both WolfSSL and OpenSSL (same code path in src/tls_openssl.c)
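
The stall described in this pull request, reduced to a toy model (an added example, not code from the pull request or from Mongoose). It assumes a TLS layer that pulls every record waiting on the socket into its own buffer on one read but hands back one record per call; `toy_tls`, `tls_pending()` and `run_loop()` are hypothetical names, with `tls_pending()` standing in for the role of `SSL_pending()`.

```c
/* Toy stand-in for a TLS library: no real TLS, sockets or Mongoose types. */
struct toy_tls {
  int sock_records; /* records waiting on the socket (constructed input) */
  int buffered;     /* records already pulled into the TLS layer */
};

/* What a poll on the socket alone can see. */
static int sock_readable(const struct toy_tls *t) { return t->sock_records > 0; }

/* Plays the role of SSL_pending(): data held inside the TLS layer. */
static int tls_pending(const struct toy_tls *t) { return t->buffered > 0; }

/* One read call: refill from the socket if empty, then deliver one record. */
static int tls_read(struct toy_tls *t) {
  if (t->buffered == 0) {
    t->buffered = t->sock_records; /* assumption: refill drains the socket */
    t->sock_records = 0;
  }
  if (t->buffered == 0) return 0;  /* nothing to deliver */
  t->buffered--;
  return 1;
}

/* Event loop model. Returns how many records reached the application
   within max_iters polls. check_pending = 0 models a loop that looks only
   at the socket; check_pending = 1 also consults the TLS layer's buffer. */
int run_loop(int records_in_flight, int check_pending, int max_iters) {
  struct toy_tls t = {records_in_flight, 0};
  int delivered = 0;
  for (int i = 0; i < max_iters; i++) {
    int is_readable = sock_readable(&t);
    if (check_pending && tls_pending(&t)) is_readable = 1;
    if (!is_readable) continue; /* loop treats the connection as idle */
    delivered += tls_read(&t);
  }
  return delivered;
}
```

With three records arriving together, the socket-only loop delivers one and then sees an idle connection, while the loop that also checks the pending buffer delivers all three.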
Collaborator

scaprile commented Oct 9, 2025

#3300

@scaprile scaprile closed this Oct 9, 2025