How do TLS connections in EventMachine work?

Question

I have a custom Protobuf-based protocol that I've implemented as an EventMachine protocol and I'd like to use it over a secure connection between the server and clients. Each time I send a message from a client to the server, I prepend the message with a 4-byte integer representing the size of the Protobuf serialized string to be sent such that the server knows how many bytes to read off the wire before parsing the data back into a Protobuf message.

I'm calling start_tls in the post_init callback method in both the client and server protocol handlers, with the one in the server handler being passed the server's private key and certificate. There seems to be no errors happening at this stage, based on log messages I'm printing out.

Where I get into trouble is when I begin parsing data in the receive_data callback in the server's handler code... I read 4 bytes of data off the wire and unpack it to an integer, but the integer that gets unpacked is not the same integer I send from the client (i.e. I'm sending 17, but receiving 134222349).

Note that this does not happen when I don't use TLS... everything works fine if I remove the start_tls calls in both the client and server code.

Is it the case that SSL/TLS data gets passed to the receive_data callback when TLS is used? If so, how do I know when data from the client begins? I can't seem to find any example code that discusses this use case...

Answer 1

OK, so via a cross-post to the EventMachine Google Group I figured out what my problem was here. Essentially, I was trying to send data from the client to the server before the TLS handshake was done because I wasn't waiting until the ssl_handshake_completed callback was called.

Here's the code I got to work, just in case anyone comes across this post in the future. :)

Handler code for the server-side:

require 'eventmachine'

class ServerHandler < EM::Connection
  def post_init
    start_tls :private_key_file => 'server.key', :cert_chain_file => 'server.crt', :verify_peer => false
  end

  def receive_data(data)
    puts "Received data in server: #{data}"
    send_data(data)
  end
end

Handler code for the client-side:

require 'eventmachine'

class ClientHandler < EM::Connection
  def connection_completed
    start_tls
  end

  def receive_data(data)
    puts "Received data in client: #{data}"
  end

  def ssl_handshake_completed
    send_data('Hello World! - 12345')
  end
end

Code to start server:

EventMachine.run do
  puts 'Starting server...'
  EventMachine.start_server('127.0.0.1', 45123, ServerHandler)
end

Code to start client:

EventMachine.run do                      
  puts 'Starting client...'              
  EventMachine.connect('127.0.0.1', 45123, ClientHandler)
end