robbiehanson / CocoaAsyncSocket

Asynchronous socket networking library for Mac and iOS

Socket closing after startTLS with kCFStreamSSLIsServer=YES #457

Closed ixalon closed 4 years ago

ixalon commented 8 years ago

Hi, I'm trying to create a simple HTTPS server. In didAcceptNewSocket I'm calling:

    NSMutableDictionary *settings = [NSMutableDictionary dictionaryWithCapacity:3];
    [settings setObject:[NSNumber numberWithBool:YES] forKey:(NSString *)kCFStreamSSLIsServer];
    [settings setObject:certificates forKey:(NSString *)kCFStreamSSLCertificates];
    [sock startTLS:settings];
    [sock readDataToData:[GCDAsyncSocket CRLFData] withTimeout:READ_TIMEOUT tag:TAG_HTTP_LEADING];

I'm attempting to test using:

    openssl s_client -debug -connect 192.168.1.65:8082 -CAfile myCA.cer

With debug logging enabled, I see the following in the Xcode console:

    2016-07-29 00:20:49:186 DemoServer[16957:954652] GCDAsyncSocket: No currentRead or kReadsPaused
    2016-07-29 00:20:49:186 DemoServer[16957:954652] GCDAsyncSocket: dispatch_suspend(readSource)
    2016-07-29 00:20:49:187 DemoServer[16957:954667] GCDAsyncSocket: startTLS:
    2016-07-29 00:20:49:187 DemoServer[16957:954702] GCDAsyncSocket: maybeDequeueRead
    2016-07-29 00:20:49:188 DemoServer[16957:954702] GCDAsyncSocket: Dequeued GCDAsyncSpecialPacket
    2016-07-29 00:20:49:188 DemoServer[16957:954702] GCDAsyncSocket: maybeDequeueWrite
    2016-07-29 00:20:49:188 DemoServer[16957:954702] GCDAsyncSocket: Dequeued GCDAsyncSpecialPacket
    2016-07-29 00:20:49:188 DemoServer[16957:954702] GCDAsyncSocket: ssl_startTLS
    2016-07-29 00:20:49:188 DemoServer[16957:954702] GCDAsyncSocket: Starting TLS (via SecureTransport)...
    2016-07-29 00:20:49:188 DemoServer[16957:954702] GCDAsyncSocket: ssl_continueSSLHandshake
    2016-07-29 00:20:49:189 DemoServer[16957:954702] GCDAsyncSocket: sslReadWithBuffer:0x7ff735829200 length:5
    2016-07-29 00:20:49:189 DemoServer[16957:954702] GCDAsyncSocket: sslReadWithBuffer:length:: Reading from socket...
    2016-07-29 00:20:49:189 DemoServer[16957:954702] GCDAsyncSocket: sslReadWithBuffer:length:: Reading into sslPreBuffer...
    2016-07-29 00:20:49:190 DemoServer[16957:954702] GCDAsyncSocket: sslReadWithBuffer:length:: read from socket = 370
    2016-07-29 00:20:49:190 DemoServer[16957:954702] GCDAsyncSocket: sslReadWithBuffer:length:: Copying 5 bytes out of sslPreBuffer
    2016-07-29 00:20:49:190 DemoServer[16957:954702] GCDAsyncSocket: sslReadWithBuffer:length:: sslPreBuffer.length = 365
    2016-07-29 00:20:49:190 DemoServer[16957:954702] GCDAsyncSocket: sslReadWithBuffer:length:: Complete
    2016-07-29 00:20:49:190 DemoServer[16957:954702] GCDAsyncSocket: sslReadWithBuffer:0x7ff735829205 length:365
    2016-07-29 00:20:49:190 DemoServer[16957:954702] GCDAsyncSocket: sslReadWithBuffer:length:: Reading from SSL pre buffer...
    2016-07-29 00:20:49:190 DemoServer[16957:954702] GCDAsyncSocket: sslReadWithBuffer:length:: Copying 365 bytes from sslPreBuffer
    2016-07-29 00:20:49:190 DemoServer[16957:954702] GCDAsyncSocket: sslReadWithBuffer:length:: sslPreBuffer.length = 0
    2016-07-29 00:20:49:190 DemoServer[16957:954702] GCDAsyncSocket: sslReadWithBuffer:length:: Complete
    2016-07-29 00:20:49:203 DemoServer[16957:954702] GCDAsyncSocket: sslReadWithBuffer:0x7ff735829200 length:5
    2016-07-29 00:20:49:203 DemoServer[16957:954702] GCDAsyncSocket: sslReadWithBuffer:length: - No data available to read...
    2016-07-29 00:20:49:203 DemoServer[16957:954702] GCDAsyncSocket: dispatch_resume(readSource)
    2016-07-29 00:20:49:203 DemoServer[16957:954702] GCDAsyncSocket: SSLHandshake continues...
    2016-07-29 00:20:49:203 DemoServer[16957:954702] GCDAsyncSocket: readDataToData:withTimeout:buffer:bufferOffset:maxLength:tag:
    2016-07-29 00:20:49:204 DemoServer[16957:954702] GCDAsyncSocket: maybeDequeueRead
    2016-07-29 00:20:49:204 DemoServer[16957:954702] GCDAsyncSocket: dealloc - <GCDAsyncSocket: 0x7ff733e18900> (start)
    2016-07-29 00:20:49:204 DemoServer[16957:954702] GCDAsyncSocket: closeWithError:
    2016-07-29 00:20:49:204 DemoServer[16957:954702] GCDAsyncSocket: endConnectTimeout
    2016-07-29 00:20:49:204 DemoServer[16957:954702] GCDAsyncSocket: removeStreamsFromRunLoop
    2016-07-29 00:20:49:205 DemoServer[16957:954702] GCDAsyncSocket: dispatch_source_cancel(readSource)
    2016-07-29 00:20:49:205 DemoServer[16957:954702] GCDAsyncSocket: dispatch_source_cancel(writeSource)
    2016-07-29 00:20:49:205 DemoServer[16957:954702] GCDAsyncSocket: dispatch_resume(writeSource)
    2016-07-29 00:20:49:206 DemoServer[16957:954702] GCDAsyncSocket: dealloc - <GCDAsyncSocket: 0x7ff733e18900> (finish)
    2016-07-29 00:20:49:206 DemoServer[16957:954667] GCDAsyncSocket: readCancelBlock
    2016-07-29 00:20:49:206 DemoServer[16957:954667] GCDAsyncSocket: dispatch_release(readSource)
    2016-07-29 00:20:49:206 DemoServer[16957:954667] GCDAsyncSocket: writeCancelBlock
    2016-07-29 00:20:49:206 DemoServer[16957:954667] GCDAsyncSocket: dispatch_release(writeSource)
    2016-07-29 00:20:49:207 DemoServer[16957:954667] GCDAsyncSocket: close(socketFD)

socketDidSecure is never called and socketDidDisconnect is called with no error object.

openssl's debug log shows:

chris:demo-server chris$ openssl s_client -debug -connect 192.168.1.65:8082 -CAfile ~myCA.cer
CONNECTED(00000003)
write to 0x7fc68341ac70 [0x7fc68380a200] (370 bytes => 370 (0x172))
read from 0x7fc68341ac70 [0x7fc68380f800] (7 bytes => 7 (0x7))
0000 - 16 03 03 00 51 02                                 ....Q.
0007 - <SPACES/NULS>
read from 0x7fc68341ac70 [0x7fc68380f80a] (79 bytes => 79 (0x4F))
read from 0x7fc68341ac70 [0x7fc68380f803] (5 bytes => 5 (0x5))
0000 - 16 03 03 05 ca                                    .....
read from 0x7fc68341ac70 [0x7fc68380f808] (1482 bytes => 1482 (0x5CA))
depth=1 CN = Demo Server CA
verify return:1
depth=0 CN = demo.example.com
verify return:1
read from 0x7fc68341ac70 [0x7fc68380f803] (5 bytes => 5 (0x5))
0000 - 16 03 03 01 4d                                    ....M
read from 0x7fc68341ac70 [0x7fc68380f808] (333 bytes => 333 (0x14D))
read from 0x7fc68341ac70 [0x7fc68380f803] (5 bytes => 5 (0x5))
0000 - 16 03 03 00 04                                    .....
read from 0x7fc68341ac70 [0x7fc68380f808] (4 bytes => 4 (0x4))
0000 - 0e                                                .
0004 - <SPACES/NULS>
write to 0x7fc68341ac70 [0x7fc684800e00] (75 bytes => 75 (0x4B))
write to 0x7fc68341ac70 [0x7fc684800e00] (6 bytes => -1 (0xFFFFFFFFFFFFFFFF))
write:errno=32

---
Certificate chain
 0 s:/CN=demo.example.com
   i:/CN=Demo Server CA
 1 s:/CN=Demo Server CA
   i:/CN=Demo Server CA

---
Server certificate
subject=/CN=demo.example.com
issuer=/CN=Demo Server CA

---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits

---
SSL handshake has read 1920 bytes and written 81 bytes

---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: DD3BA61E2F9418F4A8E322A35DF265543608229108265A298B4E2FFC475DAB16
    Session-ID-ctx: 
    Master-Key: C8FB6E5DB8A0F6652573BA5701DE9641A6CEA71D2F490C00F9CC06DCC59F0A87147D523E6EE7F2D4F50C944392C512FF
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1469748461
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)

---

At which point the connection is closed (note the write:errno=32).

Am I missing something obvious/doing something silly?

Many thanks, Chris
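
Added example (not part of the original report and not CocoaAsyncSocket code): a small Python parser for `openssl s_client -debug` output that reassembles TLS records per direction and names the plaintext handshake messages, so a trace like the one in this report reduces to "which message was last exchanged before the I/O call failed". The sample trace is constructed and shortened; `parse_trace` and `_flush` are names chosen for this example.

```python
import re

# Constructed, shortened trace in `openssl s_client -debug` layout (not the reporter's bytes).
SAMPLE_TRACE = """\
write to 0x1 [0x2] (9 bytes => 9 (0x9))
0000 - 16 03 01 00 04 01 00 00-00                        .........
read from 0x1 [0x2] (7 bytes => 7 (0x7))
0000 - 16 03 03 00 06 02                                 ......
0007 - <SPACES/NULS>
read from 0x1 [0x2] (4 bytes => 4 (0x4))
0000 - 00 02 03 03                                       ....
read from 0x1 [0x2] (5 bytes => 5 (0x5))
0000 - 16 03 03 00 04                                    .....
read from 0x1 [0x2] (4 bytes => 4 (0x4))
0000 - 0e                                                .
0004 - <SPACES/NULS>
write to 0x1 [0x2] (9 bytes => 9 (0x9))
0000 - 16 03 03 00 04 10 00 00-00                        .........
write to 0x1 [0x2] (6 bytes => -1 (0xFFFFFFFFFFFFFFFF))
write:errno=32
"""

IO_RE = re.compile(r"^(read|write) (?:from|to) \S+ \[\S+\] \((\d+) bytes => (-?\d+) ")
HEX_RE = re.compile(r"^[0-9a-f]{4} - ((?:[0-9a-f]{2}[ -])+)")
ERRNO_RE = re.compile(r"^(?:read|write):errno=(\d+)")
CONTENT = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
HANDSHAKE = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
             12: "ServerKeyExchange", 14: "ServerHelloDone", 16: "ClientKeyExchange"}

def _flush(op, bufs, events):
    """Add one finished I/O call to its stream and emit each complete TLS record."""
    direction, count, data = op
    # The dump elides trailing bytes as <SPACES/NULS>; pad so record framing holds.
    buf = bufs[direction]
    buf += bytes(data[:count]).ljust(count, b"\0")
    while len(buf) >= 5 and len(buf) >= 5 + int.from_bytes(buf[3:5], "big"):
        length = int.from_bytes(buf[3:5], "big")
        label = CONTENT.get(buf[0], f"content type {buf[0]}")
        if buf[0] == 22 and length:  # name the first handshake message in the record
            label = HANDSHAKE.get(buf[5], "Handshake (encrypted or unknown)")
        events.append((direction, label))
        del buf[:5 + length]

def parse_trace(text):
    """Return (events, failure): TLS records as they completed, and the failed I/O call."""
    bufs = {"read": bytearray(), "write": bytearray()}
    events, failure, op = [], None, None
    for line in text.splitlines() + [""]:
        io, hx, er = IO_RE.match(line), HEX_RE.match(line), ERRNO_RE.match(line)
        if op and not hx:  # any non-dump line ends the current I/O call
            _flush(op, bufs, events)
            op = None
        if io:
            direction, asked, done = io.group(1), int(io.group(2)), int(io.group(3))
            if done < 0:
                failure = {"direction": direction, "bytes": asked, "errno": None}
            else:
                op = (direction, done, bytearray())
        elif hx and op:
            op[2].extend(bytes.fromhex(re.sub(r"[ -]", "", hx.group(1))))
        elif er and failure:
            failure["errno"] = int(er.group(1))
    return events, failure
```

Applied to the record headers in this report's trace, the same framing gives ClientHello, ServerHello, Certificate, ServerKeyExchange, ServerHelloDone and ClientKeyExchange, followed by the failed 6-byte write with errno 32 (EPIPE).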

ixalon commented 8 years ago

I think this might be related to issue #444

ixalon commented 8 years ago

After some further testing the problem seems to be introduced in 7.3.5 (7.3.4 does not close/dealloc the socket prematurely).

Although in 7.3.4 GCDAsyncSocket never considers the TLS handshake to be complete, so we eventually get a read timeout (the client believes the handshake is complete and is sending encrypted data).

With 7.3.4 and below I'm seeing socketDidSecure: get called, but no further data can be read from the socket, so we get timeouts:

    2016-07-29 11:53:25.377 DemoServer[19835:1181371] Socket disconected: Error Domain=GCDAsyncSocketErrorDomain Code=4 "Read operation timed out" UserInfo={NSLocalizedDescription=Read operation timed out}

ixalon commented 8 years ago

Worked out my issue with 7.3.4 (operator error - waiting for CRLF where a linebreak in openssl s_client is just a LF!).

SSL handshake in 7.3.5 and above remains broken however.

chrisballinger commented 8 years ago

Do you have an idea where/why it's broken? This is a pretty serious regression.

FrankCYQ commented 6 years ago

    - (void)socket:(GCDAsyncSocket *)socket didConnectToHost:(NSString *)host port:(uint16_t)port {
        NSMutableDictionary *settings = [[NSMutableDictionary alloc] init];

        // With manual trust evaluation enabled, trust is decided in the
        // delegate's socket:didReceiveTrust:completionHandler: method.
        [settings setObject:[NSNumber numberWithBool:YES]
                     forKey:GCDAsyncSocketManuallyEvaluateTrust];

        [self.socket startTLS:settings];
    }

I got the same problem: after I call the startTLS method, the socket disconnects with the error "Error Domain=kCFStreamErrorDomainSSL Code=-9806 "(null)" UserInfo={NSLocalizedRecoverySuggestion=Error code definition can be found in Apple's SecureTransport.h}". Is there anybody who can tell me how to fix it?

github-actions[bot] commented 4 years ago

This issue has been marked as stale, it will be closed automatically if there is no further activity.

nguyenhuutinh commented 4 years ago

Did you resolve this issue?