[systemd-devel] SSL_connect fails on systemd socket

Tiwari, Hari Sahaya hari-sahaya.tiwari at hpe.com
Tue Jan 28 14:06:44 UTC 2020


Hi,

I am trying to implement a client server program over SSL through systemd.
Here I have a TCP systemd socket (listening on a predefined port) and its associated service.

systemd socket file:-
# cat /usr/lib/systemd/system/test_ssl.socket
[Unit]
Description=Test socket

[Socket]
ListenStream=2000
Accept=true
MaxConnections=900

[Install]
WantedBy=sockets.target

systemd service file:-
# cat /usr/lib/systemd/system/test_ssl at .service
[Unit]
Description= Test Service
Requires=test_ssl.socket

[Service]
ExecStart=/home/SSL/server
StandardInput=socket
KillMode=process

[Install]
WantedBy=multi-user.target

The service file invoke the binary /home/SSL/server.

Here is it a very simple client server program, where

1.       Server binds and listens on a port number.

2.       Client first connects to server with normal connect (server will do accept)

3.       Once it gets the fd, client does the SSL_connect over same connection. (server will do SSL_accept)

4.       After that it will be SSL_read & SSL_write.

Once, I start the systemd socket I can see the systemd starts listening on port 2000.
# systemctl start test_ssl.socket
#  netstat -an | grep 2000
tcp6       0      0 :::2000                 :::*                    LISTEN

Post than when executing client, SSL_conect fails.
# ./client localhost 2000
OpenConnection succedeed. << normal connect succeeds.
SSL_connect failed.
140691172779952:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:365:
Here client is able to do normal connect, post that SSL_connect fails.

This client server program works well outside of systemd.

Do I need to add some extra steps to get this working?
Any help or reference would be appreciated.

Thanks & Regards,



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20200128/cc5102f6/attachment-0001.htm>


More information about the systemd-devel mailing list