SSLSocket -- Connection reset by peer

Mike Vastola

Hi Guys,
I'm having a weird (to me, at least) problem trying to connect to an SSL
socket using a custom protocol and read and send some data. Any help
would be greatly appreciated.

I'm getting the error:
/usr/lib/ruby/1.8/openssl/buffering.rb:35:in `sysread': Connection reset
by peer (Errno::ECONNRESET)
from /usr/lib/ruby/1.8/openssl/buffering.rb:35:in `fill_rbuff'
from /usr/lib/ruby/1.8/openssl/buffering.rb:67:in `read'
from ./display_pusher.rb:23:in `update_display'
from ./display_pusher.rb:44

My code is as follows:
-------------
#!/usr/bin/ruby

require 'openssl'
require 'socket'
require 'resolv'

class DisplayUpdater

  def self.update_display(address, port, data)
    # Verify the server against cacert.pem and present a client certificate
    sslCtx = OpenSSL::SSL::SSLContext.new()
    sslCtx.ca_file = 'cacert.pem'
    sslCtx.cert = OpenSSL::X509::Certificate.new(File.read("cert.pem"))
    sslCtx.key = OpenSSL::PKey::RSA.new(File.read("key.pem"))
    sslCtx.verify_mode = OpenSSL::SSL::VERIFY_PEER
    tcpSock = TCPSocket::new(address, port)
    sslSock = OpenSSL::SSL::SSLSocket.new(tcpSock, sslCtx)
    sslSock.sync_close = true
    sslSock.connect

    success = false
    sslSock.write(data + "\n")

    response = sslSock.read #**ERROR OCCURS HERE

    #do some stuff with response here

    puts "Success!"

    sslSock.close
    sslCtx.flush_sessions
    return success
  end

end


DisplayUpdater::update_display('127.0.0.1', 23, '--')

-----------

The server is running xinetd -> stunnel -> a custom c++ app, and I can
connect to it flawlessly from the same computer that's running ruby with
openssl s_client.

Any ideas what I'm doing wrong?

Thanks!
 
Brian Candler

Mike said:
DisplayUpdater::update_display('127.0.0.1', 23, '--')

You're really running an SSL server on the telnet port on your local
computer?

Mike said:
I can connect to it flawlessly from the same computer that's running ruby with
openssl s_client.

Can you show the full command line you use for openssl s_client ? And
the certificate validation result when you run it?

Also, have you tried:
sslSock.write(data + "\r\n")
 
Mike Vastola

Brian said:
You're really running an SSL server on the telnet port on your local
computer?

Haha. No. I changed the port/hostname to mask what it really was.

Brian said:
Can you show the full command line you use for openssl s_client ? And
the certificate validation result when you run it?

openssl s_client -connect {non-localhost-host}:{non-telnet-port} -cert
cert.pem -key key.pem -CAfile cacert.pem

CONNECTED(00000003)
depth=1 {INSERT_CA_SUBJECT_HERE}
verify return:1
depth=0 {INSERT_SERVER_SUBJECT_HERE}
verify return:1
---
Certificate chain
0 s: {INSERT_SERVER_SUBJECT_HERE}
i: {INSERT_CA_SUBJECT_HERE}
1 s: {INSERT_CA_SUBJECT_HERE}
i: {INSERT_CA_SUBJECT_HERE}
---
Server certificate
-----BEGIN CERTIFICATE-----
{INSERT_CERTIFICATE_HERE}
-----END CERTIFICATE-----
subject= {INSERT_SERVER_SUBJECT_HERE}
issuer= {INSERT_CA_SUBJECT_HERE}
---
Acceptable client certificate CA names
{INSERT_CA_SUBJECT_HERE}
---
SSL handshake has read 4252 bytes and written 5147 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 4096 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID:
1BE2DD87165574CD6F2D99720007FDCA811C63546FB449A72B0293C54177A5E5
Session-ID-ctx:
Master-Key:
BCCAE579F3AF185BDAFF1D30D6F058573EC8266DE2877CE73E30ED7ED2BE819DD15B7098304F59529BAF6BE12FD18EED
Key-Arg : None
Start Time: 1284991918
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
%%% Starting Here Is the actual Custom Protocol Communications %%%
--
OK
*** Setting display 00 to value '--' via /dev/ttyUSB0.
DONE
%%% End Custom Protocol Communications %%%
closed

Brian said:
Also, have you tried:
sslSock.write(data + "\r\n")

No.. will try though..
 
Mike Vastola

Whoa. Just got it working when I changed the code to:

--------
sslSock.write(data + "\n")

while line = sslSock.gets
  puts line
  success = true if line.chop == "DONE"
end
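
An added example, not part of the thread: `read` with no length returns only at end of stream, while this protocol marks the end of a reply with a DONE line, so the sketch below reads up to that line and treats a reset, TLS error or EOF before it as a truncated reply instead of a success. `read_reply`, `TruncatedReply` and `ScriptedPeer` are hypothetical names, and the sample lines are constructed from the s_client session shown earlier.

```ruby
require 'openssl'

# Hypothetical names; works on any object with #gets, e.g. OpenSSL::SSL::SSLSocket.
class TruncatedReply < StandardError; end

# Return the reply lines up to and including the terminator line.
# A reset, TLS error or EOF before the terminator raises TruncatedReply,
# so a reply that was cut short is never reported as success.
def read_reply(io, terminator = "DONE", max_lines = 1000)
  lines = []
  begin
    while (line = io.gets)
      lines << line.chomp               # chomp strips "\n" and "\r\n"
      return lines if lines.last == terminator
      raise TruncatedReply, "no #{terminator} in #{max_lines} lines" if lines.size >= max_lines
    end
  rescue Errno::ECONNRESET, EOFError, OpenSSL::SSL::SSLError => e
    raise TruncatedReply, "connection dropped after #{lines.size} line(s): #{e.class}"
  end
  raise TruncatedReply, "EOF after #{lines.size} line(s), no #{terminator}"
end

# Constructed stand-in for the socket: hands out scripted lines, then
# either raises the given exception class or returns nil (clean EOF).
class ScriptedPeer
  def initialize(lines, ending = nil)
    @lines = lines.dup
    @ending = ending
  end

  def gets
    return @lines.shift unless @lines.empty?
    raise @ending if @ending
    nil
  end
end

# Constructed sample reply, modelled on the s_client session in the thread.
SAMPLE = ["OK\n", "*** Setting display 00 to value '--' via /dev/ttyUSB0.\n", "DONE\n"]

def demo
  complete = read_reply(ScriptedPeer.new(SAMPLE, Errno::ECONNRESET))
  cut_short = begin
    read_reply(ScriptedPeer.new(SAMPLE[0, 2], Errno::ECONNRESET))
  rescue TruncatedReply => e
    e.message
  end
  [complete, cut_short]
end
```

Because the function returns as soon as DONE arrives, a reset that follows the terminator is never seen, while one that arrives earlier surfaces as `TruncatedReply`.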
 
