SSLSocket -- Connection reset by peer

Hi Guys,
I’m having a weird (to me, at least) problem trying to connect to an SSL
socket using a custom protocol and read and send some data. Any help
would be greatly appreciated.

I’m getting the error:
/usr/lib/ruby/1.8/openssl/buffering.rb:35:in `sysread': Connection reset by peer (Errno::ECONNRESET)
    from /usr/lib/ruby/1.8/openssl/buffering.rb:35:in `fill_rbuff'
    from /usr/lib/ruby/1.8/openssl/buffering.rb:67:in `read'
    from ./display_pusher.rb:23:in `update_display'
    from ./display_pusher.rb:44

My code is as follows:

#!/usr/bin/ruby

require 'openssl'
require 'socket'
require 'resolv'

class DisplayUpdater

  def self.update_display(address, port, data)
    sslCtx = OpenSSL::SSL::SSLContext.new()
    sslCtx.ca_file = 'cacert.pem'
    sslCtx.cert = OpenSSL::X509::Certificate.new(File.read("cert.pem"))
    sslCtx.key = OpenSSL::PKey::RSA.new(File.read("key.pem"))
    sslCtx.verify_mode = OpenSSL::SSL::VERIFY_PEER
    tcpSock = TCPSocket::new(address, port)
    sslSock = OpenSSL::SSL::SSLSocket.new(tcpSock, sslCtx)
    sslSock.sync_close = true
    sslSock.connect

    success = false
    sslSock.write(data + "\n")

    response = sslSock.read #**ERROR OCCURS HERE

    #do some stuff with response here

    puts "Success!"

    sslSock.close
    sslCtx.flush_sessions
    return success

  end

end

DisplayUpdater::update_display('127.0.0.1', 23, '–')


The server is running xinetd -> stunnel -> a custom c++ app, and I can
connect to it flawlessly from the same computer that’s running ruby with
openssl s_client.

Any ideas what I’m doing wrong?

Thanks!

Mike Vastola wrote:

> DisplayUpdater::update_display('127.0.0.1', 23, '–')

You’re really running an SSL server on the telnet port on your local
computer?

> I can
> connect to it flawlessly from the same computer that’s running ruby with
> openssl s_client.

Can you show the full command line you use for openssl s_client? And
the certificate validation result when you run it?

Also, have you tried:
sslSock.write(data + "\r\n")

Brian C. wrote:

> Mike Vastola wrote:
>
>> DisplayUpdater::update_display('127.0.0.1', 23, '–')
>
> You’re really running an SSL server on the telnet port on your local
> computer?

Haha. No. I changed the port/hostname to mask what it really was.

>> I can
>> connect to it flawlessly from the same computer that’s running ruby with
>> openssl s_client.
>
> Can you show the full command line you use for openssl s_client? And
> the certificate validation result when you run it?

openssl s_client -connect {non-localhost-host}:{non-telnet-port} -cert
cert.pem -key key.pem -CAfile cacert.pem

CONNECTED(00000003)
depth=1 {INSERT_CA_SUBJECT_HERE}
verify return:1
depth=0 {INSERT_SERVER_SUBJECT_HERE}
verify return:1

Certificate chain
0 s: {INSERT_SERVER_SUBJECT_HERE}
i: {INSERT_CA_SUBJECT_HERE}
1 s: {INSERT_CA_SUBJECT_HERE}
i: {INSERT_CA_SUBJECT_HERE}

Server certificate
-----BEGIN CERTIFICATE-----
{INSERT_CERTIFICATE_HERE}
-----END CERTIFICATE-----
subject= {INSERT_SERVER_SUBJECT_HERE}
issuer= {INSERT_CA_SUBJECT_HERE}

Acceptable client certificate CA names
{INSERT_CA_SUBJECT_HERE}

SSL handshake has read 4252 bytes and written 5147 bytes

New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 4096 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID:
1BE2DD87165574CD6F2D99720007FDCA811C63546FB449A72B0293C54177A5E5
Session-ID-ctx:
Master-Key:
BCCAE579F3AF185BDAFF1D30D6F058573EC8266DE2877CE73E30ED7ED2BE819DD15B7098304F59529BAF6BE12FD18EED
Key-Arg : None
Start Time: 1284991918
Timeout : 300 (sec)
Verify return code: 0 (ok)

%%% Starting Here Is the actual Custom Protocol Communications %%%

OK
*** Setting display 00 to value ‘–’ via /dev/ttyUSB0.
DONE
%%% End Custom Protocol Communications %%%
closed

> Also, have you tried:
> sslSock.write(data + "\r\n")

No… will try though…

Whoa. Just got it working when I changed the code to:


sslSock.write(data + "\n")

while line = sslSock.gets
  puts line
  success = true if line.chop == "DONE"
end

No idea why/how that fixed it, but thanks a ton!!!
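
Added example, not code from any poster in this thread: `read` with no length argument returns only at end of stream, so its result depends on how the peer closes the connection, while a `gets` loop can stop at the protocol's `DONE` line. The sketch below runs that line-oriented exchange against a local stand-in server. The helper names `make_cert` and `start_server`, the throwaway certificate and the server's unclean close are constructed assumptions, and the client certificate and hostname checks are left out to keep it short.

```ruby
require 'openssl'
require 'socket'

# Constructed fixture: throwaway self-signed certificate for the local test server.
def make_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=127.0.0.1')
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  [key, cert.sign(key, OpenSSL::Digest.new('SHA256'))]
end

# Hypothetical stand-in server (returns its port): OK / *** / DONE, then unclean close.
def start_server(key, cert)
  listener = TCPServer.new('127.0.0.1', 0)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.key, ctx.cert = key, cert
  Thread.new do
    ssl = OpenSSL::SSL::SSLSocket.new(listener.accept, ctx)
    ssl.accept
    ssl.write("OK\n*** Setting display 00 to value '#{ssl.gets.chomp}'.\nDONE\n")
    ssl.to_io.close # assumed worst case: TCP dropped without a TLS close_notify
  end
  listener.addr[1]
end

# Client: verify the peer, send one value, read lines until the DONE terminator.
def update_display(address, port, data, trusted_cert)
  lines = []
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert_store = OpenSSL::X509::Store.new.add_cert(trusted_cert)
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ssl = OpenSSL::SSL::SSLSocket.new(TCPSocket.new(address, port), ctx)
  ssl.sync_close = true
  ssl.connect
  ssl.write(data + "\n")
  until lines.last == 'DONE' || (line = ssl.gets).nil?
    lines << line.chomp # stops at the terminator instead of waiting for EOF
  end
  [lines.last == 'DONE', lines]
rescue Errno::ECONNRESET, OpenSSL::SSL::SSLError
  [false, lines] # reset or TLS failure before DONE: keep what was received
ensure
  ssl&.close
end

key, cert = make_cert
p update_display('127.0.0.1', start_server(key, cert), '--', cert)
```

The first element of the returned pair is true only when `DONE` arrived; a certificate that does not chain to `trusted_cert` fails the handshake and yields `false` with no lines.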