writing to server-mode SSLStream after initiating TCP connection

Posted Sun, 21 Sep 2014 06:38:09 GMT

I've run into a really bizarre problem. I'm using createSSLStream, with a SSLContextKind.server that has a cert+key associated with it, to create an SSLStream on top of a TCPConnection I've created with connectTCP. The handshake goes fine, and I can read() on the SSLStream to get data that the other side sends. However, write()ing to it (even with a flush() afterwards) does nothing - as in, tcpdump shows that no packets ever get sent when that write() happens.

On the other hand, if I have the other side initiate the TCP connection, receiving it via listenTCP, all the SSL stuff works exactly as I would expect.

One thing that I'm thinking might be a problem: I'm using the D Thread class to spin off the thread that is doing the problematic createSSLStream()s. It and the main thread (the one that can correctly receive TLS connections) both have their own SSLContext to use, because using one that was created in the other thread was crashing the whole program. (I also had the same crashing problem with trying to share Mongo connections among threads. I tried using runTask before going to the thread approach, but it wasn't working... )

//DOES NOT WORK
class EmailMonitorThread : Thread
{
	this(){super(&run);}
private:
	void run()
	{
		client_sslctx = createSSLContext(SSLContextKind.server);
		client_sslctx.useCertificateChainFile("dirserv.crt");
		client_sslctx.usePrivateKeyFile("dirserv.key");
		client_dbClient = connectMongoDB("127.0.0.1");
		emailMonitor();
	}
}
//...
//later on...
TCPConnection con = connectTCP(curIP, port);
SSLStream theSSL = createSSLStream(con, client_sslctx);
ubyte[64] recvBuf;
ubyte[1] choiceBuf;
//the following reads work fine:
theSSL.read(recvBuf);
theSSL.read(choiceBuf);
//tcpdump shows that the following write fails to produce a packet on the network:
theSSL.write("K");
theSSL.flush();




//...
//elsewhere: THIS DOES WORK
server_sslctx = createSSLContext(SSLContextKind.server);
server_sslctx.useCertificateChainFile("dirserv.crt");
server_sslctx.usePrivateKeyFile("dirserv.key");
listenTCP(cast(ushort)8080,
(con)
{
	try
	{
		SSLStream theSSL = createSSLStream(con, server_sslctx);
                ubyte[64] recvBuf;
                ubyte[1] choiceBuf;
                //the following reads work fine:
                theSSL.read(recvBuf);
                theSSL.read(choiceBuf);
                //this time, this write works:
                theSSL.write("K");

So, are my not-exactly-the-vibe-way threads causing problems, am I making some non-thread-related configuration mistake, or is this a bug?