SSL accept

Peter H|gfeldt peter@REDACTED
Wed Jun 30 21:16:55 CEST 2004 


-------------------------------------------------------------------------
Peter Högfeldt			e-mail  : peter@REDACTED
Open Telecom Platform		Phone:  : +46 (8) 727 57 58
Ericsson Utvecklings AB		Mobile	: +46  070-519 57 51
S-126 25 STOCKHOLM		Fax:	: +46 (8) 727 5775
Office address:			Armborstvägen 1, Älvsjö

"Computers are machines that do exactly what you tell them,
 but often surprise you in the result."
		Richard Dawkins in The Blind Watchmaker

On Wed, 30 Jun 2004, Carsten Schultz wrote:

> Hi,
> 
> I just noticed that a problem I thought had gone away is still there.
> In November 2003, Alexey Shchepin reported
> (http://www.erlang.org/ml-archive/erlang-questions/200311/msg00173.html) 
> 
> | * ssl:accept locks when when one TCP connection is established, but
> |   SSL handshake is not finished.  E.g. if Yaws is listen for SSL
> |   connections on port 443 and someone runs "telnet this.server 443"
> |   (note that this is not SSL-enabled telnet), then noone will be
> |   able to retreive web pages via this port until this connection
> |   will be closed.
> 
> Has anything happened in this regard?

In Nov 3, 2003 in response to Alexey's question I wrote:

	In Erlang/OTP SSL you can have several processes, each waiting for
	an ssl:accept/N on one and the the same port. That is needed to
	obtain acceptable (no pun intended) parallellism. 

	That it not practically possible with gen_tcp:accept/N (if you try
	it you will get an error return). I think gen_tcp should accept
	multiple accepts as well. 

That is, if you have the very simple approach with only one process
calling ssl:accept/1 in series, you will get the behaviour described. 

What you should do is to have several processes in parallel waiting for
the result of calling ssl:accept/1 (and spawning a new process when a
return is obtained).

Also, to avoid an indefinite wait for an accept call, and thus avoid
that a file descriptor will never be returned, you should use
ssl:accept/2 with timeout. 


/Peter

> Greetings,
> 
> Carsten
> 
> -- 
> Carsten Schultz (2:38, 33:47), FB Mathematik, FU Berlin
> http://carsten.codimi.de/
> PGP/GPG key on the pgp.net key servers, 
> fingerprint on my home page.
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: 
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20040630/1765beba/attachment.bin>

More information about the erlang-questions mailing list