| jb |
Posted: Fri Aug 26, 2005 1:29 pm |
|
|
|
Joined: 16 Feb 2005
Posts: 4
|
The deadlock occurs when the client sends lots of data to an
erlang SSL server and the SSL server queries the SSL library
for, for example, ssl:peername().
What happens is that the esock port program will try to write
the data to the ssl_broker, and eventually block in write() and
stay blocked until erlang has read the data.
However, suppose you have the following situation.
1. A process recv:s some data from the SSL socket and then proceeds
without reading all data.
2. The esock port program blocks since it tries to write (it will not
block right away since there are both read and write buffers on the
TCP level on the socket between the ssl_broker and esock).
3. The same process as in 1 tries to read the peername from the SSL
socket. This will cause the broker to send a GETPEERNAME request
via the ssl_server to esock, and wait for the reply. However,
esock cannot answer since it blocks in write() of the SSL data.
All SSL traffic is blocked at this point and no further SSL processing
can take place.
The solution is to make the (proxy) socket between esock and the
ssl_broker non-blocking (which appears to be the intention).
Patch against r10-b4 lib/ssl/c_src/esock.c:
452a453
> SET_NONBLOCKING(proxysock);
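Review bot: With proxysock made non-blocking at line 453, a write() on that socket can now return a short count or fail with EAGAIN/EWOULDBLOCK instead of blocking, yet the remaining hunks only touch the read branch near line 988. Confirm that the write path toward the ssl_broker keeps the unwritten remainder buffered and retries once the descriptor is writable again, so that data which used to wait in write() is not dropped.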
988,990c989,991
< } else if (cc == 0) {
< /* EOF proxy */
< DEBUGF(("proxy eof\n"));
---
> } else {
> /* EOF proxy or error */
> DEBUGF(("proxy eof or error\n"));
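Review bot: The widened `} else {` at line 989 sends every cc < 0 result down the EOF path, and on a socket that has just been made non-blocking a read can fail with EAGAIN/EWOULDBLOCK or EINTR while the proxy is still alive. Check errno before treating the result as EOF, keeping cc == 0 as the only unconditional EOF case, and include errno in the DEBUGF text so that "eof" and "error" can be told apart in a trace.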
1000,1003d1000
< } else {
< /* This should not happen */
< DEBUGF(("ERROR: proxy readmask set, cc < 0, fd = %d"
< " proxyfd = %d\n", cp->fd, cp->proxy->fd));
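Review bot: Deleting the "This should not happen" branch at 1000-1003 also drops the only DEBUGF that printed cp->fd and cp->proxy->fd for the cc < 0 case, and the replacement message "proxy eof or error" carries no descriptors. Move those two values into the DEBUGF of the merged branch so a failing connection can still be identified from the debug output.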
/Johan and Martin
|
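The distinction the patch above turns on, as an added example in C that is not part of the original post or of esock.c: on a non-blocking socket a full buffer makes write() return EAGAIN instead of hanging, and read() returning -1 with EAGAIN is not EOF. The socketpair stands in for the esock/ssl_broker proxy socket, and all helper names are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added example, not esock.c code; all names here are hypothetical. */
enum rd_result { RD_DATA, RD_EOF, RD_WOULD_BLOCK, RD_ERROR };

/* Does with fcntl() what the patch's SET_NONBLOCKING(proxysock) asks for. */
static int set_nonblocking(int fd) {
    int fl = fcntl(fd, F_GETFL, 0);
    return fl < 0 ? -1 : fcntl(fd, F_SETFL, fl | O_NONBLOCK);
}

/* Write until the socket buffers are full. A blocking fd would hang in
 * write() here (step 2 of the post); this returns the bytes queued. */
static long fill_until_would_block(int fd) {
    char chunk[4096] = {0};
    long total = 0;
    for (;;) {
        ssize_t n = write(fd, chunk, sizeof chunk);
        if (n > 0) { total += n; continue; }
        if (n < 0 && errno == EINTR) continue;
        return (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) ? total : -1;
    }
}

/* One read() on a non-blocking fd: only cc == 0 is EOF; cc < 0 with
 * EAGAIN/EWOULDBLOCK/EINTR means "retry later", not a dead peer. */
static enum rd_result classify_read(int fd, char *buf, size_t len) {
    ssize_t cc = read(fd, buf, len);
    if (cc > 0) return RD_DATA;
    if (cc == 0) return RD_EOF;
    int soft = errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR;
    return soft ? RD_WOULD_BLOCK : RD_ERROR;
}

int main(void) {
    int sv[2]; char buf[4096];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv)) return 1;
    if (set_nonblocking(sv[0]) || set_nonblocking(sv[1])) return 1;
    printf("idle read: %d\n", classify_read(sv[1], buf, sizeof buf));
    printf("queued before EAGAIN: %ld\n", fill_until_would_block(sv[0]));
    close(sv[0]);
    while (classify_read(sv[1], buf, sizeof buf) == RD_DATA) {}
    printf("after close and drain: %d\n", classify_read(sv[1], buf, sizeof buf));
    return 0;
}
```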
| mbj at bluetail.com |
Posted: Fri Aug 26, 2005 2:23 pm |
|
|
|
Guest
|
Here's a small program to reproduce the problem
-module(s).
-compile(export_all).

%% illustrates ssl deadlock problem
%% do s:d() in an erlang shell
%% in a terminal shell, do
%%   openssl s_client -connect localhost:5432 < a-1-MB-file

d() ->
    application:start(ssl),
    {ok, L} =
        ssl:listen(5432,
                   [{active, false},
                    {certfile, "/home/share/mbj/src/yaws/ssl/cert.example"},
                    {keyfile, "/home/share/mbj/src/yaws/ssl/key.example"}]),
    {ok, S} = ssl:accept(L),
    {ok, Data} = ssl:recv(S, 0),
    io:format("got ~p bytes\n", [length(Data)]),
    timer:sleep(10000),
    {ok, PeerName} = ssl:peername(S),
    io:format("peername: ~p\n", [PeerName]),
    ssl:close(S),
    ssl:close(L).
|
| erlang at inswitch.us |
Posted: Fri Aug 26, 2005 2:51 pm |
|
|
|
Guest
|
All times are GMT