[erlang-bugs] SSL fails at sending a short message while receiving a big one

Ingela Anderton Andin <>
Thu Feb 13 15:24:00 CET 2014


Hi!

If you make your client use a passive socket instead of a active one 
your first test case, it will work better!

I also rewrote your second version into:    (which works fine for me)

-module(big2).
-compile(export_all).

server() ->
     ssl:start(),
     CaInfo = erl_make_certs:make_cert([{key, dsa}]),
     {Cert, {Asn1Type, Der, _}} = erl_make_certs:make_cert([{key, dsa}, 
{issuer, CaInfo}]),
     Key = {Asn1Type, Der},
     spawn(fun() ->
           {ok, L} = ssl:listen(44444, [
                            {cert, Cert},
                            {key, Key},
                            {active, false},
                            binary
                           ]),
           {ok, S} = ssl:transport_accept(L),
           ssl:ssl_accept(S),
           ok = recv(S, 27),
           ok = recv(S, size(<< 0:800000000 >>)),
           ok = ssl:send(S, <<"it works!">>),
           ssl:shutdown(S, write),
           ok = recv(S, 2)
       end).

client() ->
     {ok, S} = ssl:connect("localhost", 44444, [{active, false}, binary]),
     ssl:send(S, "some data before a big body"),
     ssl:send(S, << 0:800000000 >> ),
     recv(S, 9),
     ssl:send(S, "ok"),
     ok.

recv(_S, 0) ->
     ok;
recv(S, N) ->
     {ok, Bin} = ssl:recv(S, 0, 5000),
     recv(S, N - size(Bin)).


Regards Ingela Erlang/OTP team - Ericsson AB

On 02/08/2014 07:50 PM, Loïc Hoguin wrote:
> Hello,
>
> While investigating a solution for TCP linger issues with Cowboy, I 
> was surprised when I saw that the solution that worked perfectly well 
> for TCP didn't for SSL.
>
> It *may* be related to what fails in my other "SSL socket gets closed 
> abruptly" thread, as both cases send large data. However that other 
> thread is a little more crazy (as sending any non-200 response does 
> work there, while in this case I never got any response).
>
> Please see a test case attached. It's a simpler simulation of what may 
> actually happen with HTTP. First a few small packets (often one) are 
> sent for the headers, and then a potentially huge body. The server may 
> not want to receive the body, but it always needs to send a response. 
> Problem is, if we don't read the body, that response is never sent 
> with SSL.
>
> It's interesting to note that incorrect behavior occurs regardless of 
> the shutdown call being there. That call is used for the lingering 
> solution mentioned above so I tried with and without. In both cases 
> the response isn't received by the client. If the shutdown call is 
> there, the recv call will eventually say {error, closed} (it may or 
> may not take a while, I had both). If the shutdown call isn't there, 
> recv will just timeout.
>
> You need erl_make_certs from the SSL test suite for this test case too.
>
> Below output is for R16B02 but the issue also occurs with master 
> updated sometimes this week too.
>
> % erl
> Erlang R16B02 (erts-5.10.3) [source] [64-bit] [smp:4:4] 
> [async-threads:10] [hipe] [kernel-poll:false]
>
> Eshell V5.10.3  (abort with ^G)
> 1> c(erl_make_certs).
> {ok,erl_make_certs}
> 2> c(sslbig).
> {ok,sslbig}
> 3> "With shutdown write".
> "With shutdown write"
> 4> sslbig:server().
> <0.69.0>
> 5> sslbig:client().
> ** exception error: no match of right hand side value {error,closed}
>      in function  sslbig:client/0 (sslbig.erl, line 29)
> 6> c(sslbig).
> {ok,sslbig}
> 7> "Without shutdown write".
> "Without shutdown write"
> 8> sslbig:server().
> <0.84.0>
> 9> sslbig:client().
> ** exception error: no match of right hand side value {error,timeout}
>      in function  sslbig:client/0 (sslbig.erl, line 29)
> 10>
>
> Enjoy!
>
>
>
> _______________________________________________
> erlang-bugs mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-bugs

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-bugs/attachments/20140213/5713fa64/attachment.html>


More information about the erlang-bugs mailing list