Board index » delphi » Error accepting connection with SSL.

Error accepting connection with SSL.


2008-04-30 06:58:40 PM
delphi279
I get this error from TIdSSLSocket.Accept
Error accepting connection with SSL.
error:00000005:lib(0):func(0):DH lib
The socket is not closed until the webserver is restarted.
I expect that the reason for the SSL error is incorrect SSL settings in the
client. But why is the socket not released?
 
 

Re:Error accepting connection with SSL.

Finally I figured out what was causing this problem:
TidSchedulerofThreadPool.
I have made a small demo project to illustrate this problem - see code
below.
Start the SSLTest.exe (demo program) on a machine.
Uncheck "Use SSL 2.0" and "Use SSL 3.0" in Internet option, advanced on
another machine and start making https connections to SSLTest.
In SSLTest the poolsize of TidSchedulerOfThreadPool is set to 400.
After 400+ faulty SSL connections - you will not be able to connect from
an IE with the correct SSL settings.
Removing "TidSchedulerOfThreadPool" will make this example work.
Reducing the poolsize will reduce the problem. A pool size of e.g. 10 will
cause a slight hang every now and then. So I assume that the webserver will
start working again after a while even with poolsize of 400...
I am using Indy 10 from indy.fulgan.com/ZIP/ 20080219 10:00AM Central
European time.
SSL DLLs: Open SSL v0.9.8g from
www.slproweb.com/products/Win32OpenSSL.html
Test program:
Unit5.dfm
------------------------------------------------------------
object Form5: TForm5
Left = 0
Top = 0
Caption = 'WebServerTest'
ClientHeight = 72
ClientWidth = 410
Color = clBtnFace
Font.Charset = DEFAULT_CHARSET
Font.Color = clWindowText
Font.Height = -11
Font.Name = 'Tahoma'
Font.Style = []
OldCreateOrder = False
OnCreate = FormCreate
OnDestroy = FormDestroy
OnShow = FormShow
PixelsPerInch = 96
TextHeight = 13
object Label1: TLabel
Left = 8
Top = 8
Width = 190
Height = 13
Caption = 'Connections with "Error accepting SSL":'
end
object Label2: TLabel
Left = 8
Top = 27
Width = 103
Height = 13
Caption = 'Working connections:'
end
object Label3: TLabel
Left = 8
Top = 46
Width = 64
Height = 13
Caption = 'Other errors:'
end
object Label4: TLabel
Left = 216
Top = 8
Width = 31
Height = 13
Caption = 'Label4'
end
object Label5: TLabel
Left = 216
Top = 27
Width = 31
Height = 13
Caption = 'Label5'
end
object Label6: TLabel
Left = 216
Top = 46
Width = 31
Height = 13
Caption = 'Label6'
end
object Button1: TButton
Left = 272
Top = 8
Width = 130
Height = 25
Caption = 'Open logg'
TabOrder = 0
OnClick = Button1Click
end
object IdHTTPServer1: TIdHTTPServer
Bindings = <>
DefaultPort = 443
Intercept = IdServerInterceptLogEvent1
IOHandler = IdServerIOHandlerSSLOpenSSL1
OnConnect = IdHTTPServer1Connect
OnException = IdHTTPServer1Exception
Scheduler = IdSchedulerOfThreadPool1
OnCommandGet = IdHTTPServer1CommandGet
Left = 128
Top = 24
end
object IdServerIOHandlerSSLOpenSSL1: TIdServerIOHandlerSSLOpenSSL
SSLOptions.RootCertFile = 'D:\Elwin\Test
applikasjonar\SSLTest\cert\root.pem'
SSLOptions.CertFile = 'D:\Elwin\Test
applikasjonar\SSLTest\cert\cert.pem'
SSLOptions.KeyFile = 'D:\Elwin\Test applikasjonar\SSLTest\cert\key.pem'
SSLOptions.Method = sslvSSLv23
SSLOptions.Mode = sslmServer
SSLOptions.VerifyMode = []
SSLOptions.VerifyDepth = 0
OnGetPassword = IdServerIOHandlerSSLOpenSSL1GetPassword
Left = 160
Top = 24
end
object IdSchedulerOfThreadPool1: TIdSchedulerOfThreadPool
MaxThreads = 0
PoolSize = 400
Left = 192
Top = 24
end
object IdServerInterceptLogEvent1: TIdServerInterceptLogEvent
LogTime = False
ReplaceCRLF = False
OnLogString = IdServerInterceptLogEvent1LogString
Left = 104
Top = 104
end
end
---------------------------------------------------------------
Unit5.pas
---------------------------------------------------------------
unit Unit5;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, IdServerIOHandler, IdSSL, IdSSLOpenSSL, IdBaseComponent,
IdComponent,
IdCustomTCPServer, IdCustomHTTPServer, IdHTTPServer, StdCtrls, idContext,
IdIntercept, IdServerInterceptLogBase, IdServerInterceptLogEvent,
IdScheduler,
IdSchedulerOfThread, IdSchedulerOfThreadPool;
type
Counters = record
GetOk: Cardinal;
ErrorAcceptingSSL: Cardinal;
OtherFault: Cardinal;
end;
TForm5 = class(TForm)
IdHTTPServer1: TIdHTTPServer;
IdServerIOHandlerSSLOpenSSL1: TIdServerIOHandlerSSLOpenSSL;
Label1: TLabel;
Label2: TLabel;
Label3: TLabel;
Label4: TLabel;
Label5: TLabel;
Label6: TLabel;
Button1: TButton;
IdSchedulerOfThreadPool1: TIdSchedulerOfThreadPool;
IdServerInterceptLogEvent1: TIdServerInterceptLogEvent;
procedure IdServerIOHandlerSSLOpenSSL1GetPassword(var Password: string);
procedure Button1Click(Sender: TObject);
procedure FormCreate(Sender: TObject);
procedure FormDestroy(Sender: TObject);
procedure FormShow(Sender: TObject);
procedure IdHTTPServer1CommandGet(AContext: TIdContext;
ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo);
procedure IdHTTPServer1Exception(AContext: TIdContext;
AException: Exception);
procedure IdServerInterceptLogEvent1LogString(
ASender: TIdServerInterceptLogEvent; const AText: string);
procedure IdHTTPServer1Connect(AContext: TIdContext);
private
FLog: TStringList;
FCounters: Counters;
prConnects, prDisconnects: Cardinal;
procedure Logg(inTekst: String);
procedure RunAProgram(const theProgram, itsParameters,
defaultDirectory: string; inCommand: Integer = SW_NORMAL);
procedure RefreshCounters;
{ Private declarations }
public
{ Public declarations }
end;
var
Form5: TForm5;
implementation
uses shellapi;
{$R *.dfm}
procedure TForm5.Button1Click(Sender: TObject);
var
lFil: String;
begin
lFil := ExtractFilePath(Application.ExeName)+'Temp\ELWINFIL.log';
FLog.SaveToFile(lFil);
RunAProgram('notepad', lFil, ExtractFilePath(lFil));
end;
procedure TForm5.FormCreate(Sender: TObject);
begin
FLog := TStringList.Create;
with FCounters do
begin
GetOk := 0;
ErrorAcceptingSSL := 0;
OtherFault := 0;
end;
IdServerIOHandlerSSLOpenSSL1.SSLOptions.RootCertFile :=
ExtractFilePath(Application.ExeName)+'cert\root.pem';
IdServerIOHandlerSSLOpenSSL1.SSLOptions.CertFile :=
ExtractFilePath(Application.ExeName)+'cert\cert.pem';
IdServerIOHandlerSSLOpenSSL1.SSLOptions.KeyFile :=
ExtractFilePath(Application.ExeName)+'cert\key.pem';
prConnects := 0;
prDisconnects := 0;
end;
procedure TForm5.FormDestroy(Sender: TObject);
begin
FreeAndNil(FLog);
end;
procedure TForm5.FormShow(Sender: TObject);
begin
RefreshCounters;
IdHTTPServer1.Active := true;
Caption := Caption+' ('+IntToStr(IdSchedulerOfThreadPool1.PoolSize)+')';
end;
procedure TForm5.Logg(inTekst: String);
begin
FLog.Add(DateTimeToStr(now)+': '+inTekst);
end;
procedure TForm5.IdHTTPServer1CommandGet(AContext: TIdContext;
ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo);
begin
FCounters.GetOk := FCounters.GetOk + 1;
AResponseInfo.ContentText := 'Successful get:
'+ARequestInfo.RawHTTPCommand;
AResponseInfo.ContentLength := length(AResponseInfo.ContentText);
RefreshCounters;
logg('Successful get ('+ARequestInfo.RawHttpCommand+')');
logg('Successful gets so far: '+IntToStr(FCounters.GetOk));
end;
procedure TForm5.IdHTTPServer1Connect(AContext: TIdContext);
begin
TIdSSLIOHandlerSocketBase(AContext.Connection.IOHandler).PassThrough :=
False;
end;
procedure TForm5.IdHTTPServer1Exception(AContext: TIdContext;
AException: Exception);
begin
logg('ERROR: '+AException.Message);
if pos('ERROR ACCEPTING CONNECTION WITH SSL',
AnsiUpperCase(AException.Message))>0 then
begin
FCounters.ErrorAcceptingSSL := FCounters.ErrorAcceptingSSL + 1;
logg('Error accepting SSL counter =
'+IntToStr(FCounters.ErrorAcceptingSSL));
end
else
begin
FCounters.OtherFault := FCounters.OtherFault + 1;
logg('Other faults counter = '+IntToStr(FCounters.ErrorAcceptingSSL));
end;
RefreshCounters;
end;
procedure TForm5.IdServerInterceptLogEvent1LogString(
ASender: TIdServerInterceptLogEvent; const AText: string);
begin
if length(AText) < 50 then
begin
if pos (' Stat Disconnected.', AText)>0 then
logg('HTTP Server: '+AText,)
else
if pos (' Stat Connected.', AText)>0 then
logg('HTTP Server: '+AText)
else
Logg('HTTP Server Req: '+AText);
end
else
Logg('HTTP Server Req: '+AText);
end;
procedure TForm5.IdServerIOHandlerSSLOpenSSL1GetPassword(var Password:
string);
begin
Password := 'Test';
end;
procedure TForm5.RefreshCounters;
begin
Label4.Caption := IntToStr(FCounters.ErrorAcceptingSSL);
Label5.Caption := IntToStr(FCounters.GetOk);
Label6.Caption := IntToStr(FCounters.OtherFault);
end;
procedure TForm5.RunAProgram (const theProgram, itsParameters,
defaultDirectory: string; inCommand: Integer = SW_NORMAL);
var
rslt: integer;
msg: string;
begin
rslt := ShellExecute(0, PAnsiChar('open'), // (18338) 'open',
pChar (theProgram),
pChar (itsParameters),
pChar (defaultDirectory),
inCommand);
if rslt <= 32 then
begin
case rslt of
0,
se_err_OOM:
msg := 'Ikkje nok minne/resursar til denne operasjonen.';
error_File_Not_Found:
msg := 'Fila "' + theProgram + '" kunne ikkje finnas';
error_Path_Not_Found:
msg := 'Sti finnas ikkje';
error_Bad_Format:
msg := 'Skada eller ugyldig fil';
se_err_AccessDenied:
msg := 'Manglar tilgong';
se_err_NoAssoc,
se_err_AssocIncomplete:
msg := 'Filtype registrering ugyldig';
se_err_DDEBusy,
se_err_DDEFail,
se_err_DDETimeOut:
msg := 'DDE feil';
se_err_Share:
msg := 'delings krenkelse';
else
msg := 'ingen tekst';
end;
raise Exception.Create('ShellExecute feil #' + IntToStr (rslt) + ': ' +
msg);
end;
end;
end.
---------------------------------------------------------------
"Arvid Haugen" <XXXX@XXXXX.COM>skrev i melding
Quote
I get this error from TIdSSLSocket.Accept

Error accepting connection with SSL.
error:00000005:lib(0):func(0):DH lib

The socket is not closed until the webserver is restarted.

I expect that the reason for the SSL error is incorrect SSL settings in
the
client. But why is the socket not released?