[erlang-bugs] SSL fails at sending a short message while receiving a big one
Ingela Anderton Andin
ingela.anderton.andin@REDACTED
Thu Feb 13 15:24:00 CET 2014
Hi!
If you make your client use a passive socket instead of a active one
your first test case, it will work better!
I also rewrote your second version into: (which works fine for me)
-module(big2).
-compile(export_all).
server() ->
ssl:start(),
CaInfo = erl_make_certs:make_cert([{key, dsa}]),
{Cert, {Asn1Type, Der, _}} = erl_make_certs:make_cert([{key, dsa},
{issuer, CaInfo}]),
Key = {Asn1Type, Der},
spawn(fun() ->
{ok, L} = ssl:listen(44444, [
{cert, Cert},
{key, Key},
{active, false},
binary
]),
{ok, S} = ssl:transport_accept(L),
ssl:ssl_accept(S),
ok = recv(S, 27),
ok = recv(S, size(<< 0:800000000 >>)),
ok = ssl:send(S, <<"it works!">>),
ssl:shutdown(S, write),
ok = recv(S, 2)
end).
client() ->
{ok, S} = ssl:connect("localhost", 44444, [{active, false}, binary]),
ssl:send(S, "some data before a big body"),
ssl:send(S, << 0:800000000 >> ),
recv(S, 9),
ssl:send(S, "ok"),
ok.
recv(_S, 0) ->
ok;
recv(S, N) ->
{ok, Bin} = ssl:recv(S, 0, 5000),
recv(S, N - size(Bin)).
Regards Ingela Erlang/OTP team - Ericsson AB
On 02/08/2014 07:50 PM, Loïc Hoguin wrote:
> Hello,
>
> While investigating a solution for TCP linger issues with Cowboy, I
> was surprised when I saw that the solution that worked perfectly well
> for TCP didn't for SSL.
>
> It *may* be related to what fails in my other "SSL socket gets closed
> abruptly" thread, as both cases send large data. However that other
> thread is a little more crazy (as sending any non-200 response does
> work there, while in this case I never got any response).
>
> Please see a test case attached. It's a simpler simulation of what may
> actually happen with HTTP. First a few small packets (often one) are
> sent for the headers, and then a potentially huge body. The server may
> not want to receive the body, but it always needs to send a response.
> Problem is, if we don't read the body, that response is never sent
> with SSL.
>
> It's interesting to note that incorrect behavior occurs regardless of
> the shutdown call being there. That call is used for the lingering
> solution mentioned above so I tried with and without. In both cases
> the response isn't received by the client. If the shutdown call is
> there, the recv call will eventually say {error, closed} (it may or
> may not take a while, I had both). If the shutdown call isn't there,
> recv will just timeout.
>
> You need erl_make_certs from the SSL test suite for this test case too.
>
> Below output is for R16B02 but the issue also occurs with master
> updated sometimes this week too.
>
> % erl
> Erlang R16B02 (erts-5.10.3) [source] [64-bit] [smp:4:4]
> [async-threads:10] [hipe] [kernel-poll:false]
>
> Eshell V5.10.3 (abort with ^G)
> 1> c(erl_make_certs).
> {ok,erl_make_certs}
> 2> c(sslbig).
> {ok,sslbig}
> 3> "With shutdown write".
> "With shutdown write"
> 4> sslbig:server().
> <0.69.0>
> 5> sslbig:client().
> ** exception error: no match of right hand side value {error,closed}
> in function sslbig:client/0 (sslbig.erl, line 29)
> 6> c(sslbig).
> {ok,sslbig}
> 7> "Without shutdown write".
> "Without shutdown write"
> 8> sslbig:server().
> <0.84.0>
> 9> sslbig:client().
> ** exception error: no match of right hand side value {error,timeout}
> in function sslbig:client/0 (sslbig.erl, line 29)
> 10>
>
> Enjoy!
>
>
>
> _______________________________________________
> erlang-bugs mailing list
> erlang-bugs@REDACTED
> http://erlang.org/mailman/listinfo/erlang-bugs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-bugs/attachments/20140213/5713fa64/attachment.htm>
More information about the erlang-bugs
mailing list