OpenSSL configure maximum number of connections

Question

My application holds between 950-970 SSL connections before it segfaults inside SSL_read. Is it possible to configure OpenSSL to accept more connections than this?

I've programmed it to not do anything over the connections after acquiring them, so I know this is a function of # of open connections, not # of connections currently reading/writing or time.

Updates:

• Same error on ubuntu at the same place. I'm working on ubuntu going forward.
• Same error if I double my machine size (RAM, swap, CPU) at the same number of connections.
• Context is not null.
• ulimit -n is set to 4096. I've verified this by also setting ulimit -100, a different error is observed in that case.
• Issue happens even if threads are pooled. Issue happens at the same number of connections, whether there is 1 thread / connection or 1 thread / 10 connections.

I am trying to build OpenSSL from source with debugging options enabled. I'm starting to wonder if this will take hours or tell me anything useful though. I have a question on that here.

I've determined the segfault is happening on this line in openssl v 1.0.1.c:

ssl_lib.c:968

968     return(s->method->ssl_read(s,buf,num));

Furthermore, I've determined that this is not segfaulting inside the ssl_read function (which ought to point to ssl3_read). The member ssl_read of method is actually invalid itself and it appears method itself is also invalid (I'm inferring this on the basis of "strange looking address.")

Answer 1

IMHO, it seems like you reached some limit. As you said, the number file descriptors is OK. So, you could try increase stack size with ulimit. Eg:

ulimit -s 32768

Furthermore, you could use a tool like valgrind, to help you find out what really is going on at the point your app segfaults.

Hope it helps.