Open suzp1984 opened 2 months ago
I would say it's a hard work to review the SSL API, because they are horrible documented. However, thank you for your nice work, even though I might not know when I will have time to look into this issue. I really don't like OpenSSL.
Describe the bug There are a similar issue #3497, but I think it just fix part of problem.
start srs:
./objs/srs -c conf/https.srs.conf
access:https://localhost:8088
Safari browser access SRS https server. SRS error logs
Chrome browser access SRS https server. SRS error logs
Chrome will start 3 tcp connections to SRS, the first and second ssl handshake would be failed in
srs_app_conn.cpp:849
, the third ssl handshake would be success.Version ALL SRS Version.
To Reproduce Steps to reproduce the behavior:
./objs/srs -c conf/https.srs.conf
(I used the srs's default SSL library:3rdparty/openssl-1.1-fit
)https://localhost:8088/
in safari (macOS).https://localhost:8088/
in chrome.Expected behavior No SSL related exceptions.
Additional context Use Safari and Chrome to access https server, can have produce different errors, so I thinks It's not caused by self-signed certification.
Cause of Safari browser https://github.com/ossrs/srs/blob/5eb802dacac4e685989446e51d0ed5c594f86258/trunk/src/app/srs_app_conn.cpp#L911-L912 the log said:
SSL_read r0=0, r1=6, r2=0, r3=1
r0 = 0, check the
SSL_read
doc: https://www.openssl.org/docs/man1.1.1/man3/SSL_read.htmlr1 = 6, check the error 6 definition: https://github.com/ossrs/srs/blob/5eb802dacac4e685989446e51d0ed5c594f86258/trunk/3rdparty/openssl-1.1-fit/include/openssl/ssl.h#L1187
A workaround is to handle the
SSL_ERROR_ZERO_RETURN
:Cause of Chrome I guess the SSL handshake code maybe need to refined.