From jb@REDACTED Fri Aug 26 15:24:10 2005
From: jb@REDACTED (Johan Bevemyr)
Date: Fri, 26 Aug 2005 15:24:10 +0200 (CEST)
Subject: Deadlock bug in ssl library
Message-ID: <20050826.152410.41650369.jb@bevemyr.com>

The deadlock occurs when the client sends lots of data to an erlang
SSL server and the SSL server queries the SSL library for, for example,
ssl:peername().

What happens is that the esock port program will try to write the data
to the ssl_broker, and eventually block in write() and stay blocked
until erlang has read the data. However, suppose you have the
following situation.

1. A process recv:s some data from the SSL socket and then proceeds
   without reading all data.

2. The esock port program blocks since it tries to write (it will
   not block right away since there are both read and write buffers
   on the TCP level on the socket between the ssl_broker and esock).

3. The same process as in 1 tries to read the peername from the
   SSL socket. This will cause the broker to send a GETPEERNAME
   request via the ssl_server to esock, and wait for the reply.
   However, esock cannot answer since it blocks in write() of the
   SSL data.

All SSL traffic is blocked at this point and no further SSL processing
can take place.

The solution is to make the (proxy) socket between esock and the
ssl_broker non-blocking (which appears to be the intention).

Patch against r10-b4 lib/ssl/c_src/esock.c:

452a453 > SET_NONBLOCKING(proxysock); 988,990c989,991 < } else if (cc == 0) { < /* EOF proxy */ < DEBUGF(("proxy eof\n")); --- > } else { > /* EOF proxy or error */ > DEBUGF(("proxy eof or error\n")); 1000,1003d1000 < } else { < /* This should not happen */ < DEBUGF(("ERROR: proxy readmask set, cc < 0, fd = %d" < " proxyfd = %d\n", cp->fd, cp->proxy->fd));

/Johan and Martin

From mbj@REDACTED Fri Aug 26 16:15:52 2005
From: mbj@REDACTED (mbj@REDACTED)
Date: Fri, 26 Aug 2005 16:15:52 +0200 (CEST)
Subject: Deadlock bug in ssl library
In-Reply-To: <20050826.152410.41650369.jb@bevemyr.com>
References: <20050826.152410.41650369.jb@bevemyr.com>
Message-ID: <20050826.161552.88493755.mbj@bluetail.com>

Here's a small program to reproduce the problem


-module(s).
-compile(export_all).

%% illustrates ssl deadlock problem

%% do s:d() in an erlang shell
%% in a terminal shell, do
%%   openssl s_client -connect localhost:5432 < a-1-MB-file


d() ->
    application:start(ssl),
    {ok, L} =
        ssl:listen(5432,
                   [{active, false},
                    {certfile, "/home/share/mbj/src/yaws/ssl/cert.example"},
                    {keyfile, "/home/share/mbj/src/yaws/ssl/key.example"}]),
    {ok, S} = ssl:accept(L),
    {ok, Data} = ssl:recv(S, 0),
    io:format("got ~p bytes\n", [length(Data)]),
    timer:sleep(10000),
    {ok, PeerName} = ssl:peername(S),
    io:format("peername: ~p\n", [PeerName]),
    ssl:close(S),
    ssl:close(L).

From erlang@REDACTED Fri Aug 26 16:44:00 2005
From: erlang@REDACTED (Inswitch Solutions)
Date: Fri, 26 Aug 2005 11:44:00 -0300
Subject: Deadlock bug in ssl library
References: <20050826.152410.41650369.jb@bevemyr.com> <20050826.161552.88493755.mbj@bluetail.com>
Message-ID: <02af01c5aa4c$a713b450$4a00a8c0@Inswitch251>

Hi,

Which OS are you using?

Some time ago I have had problems with the SSL port (ssl_esock) with Yaws in Win32 and when sending data to the server.
Perhaps it's related with yours.
By increasing the buffer size of the C/C++ port and with some other changes I've managed to work it out for small size data uploads.
There're some postings in the list with the changes I made.

Hope it helps.

regards, Eduardo

Prepaid Expertise - Programmable Switches
Powered by Ericsson Licensed Technology
Eng. Eduardo Figoli - Development Center - IN Switch Solutions Inc.
Headquarters - Miami-U.S.A. Tel: 1305-3578076 Fax: 1305-7686260
Development Center - Montevideo - Uruguay Tel/Fax: 5982-7104457
e-mail: eduardo@REDACTED

----- Original Message -----
From:
To: ;
Sent: Friday, August 26, 2005 11:15 AM
Subject: Re: Deadlock bug in ssl library

> Here's a small program to reproduce the problem
>
>
> -module(s).
> -compile(export_all).
>
> %% illustrates ssl deadlock problem
>
> %% do s:d() in an erlang shell
> %% in a terminal shell, do
> %%   openssl s_client -connect localhost:5432 < a-1-MB-file
>
>
> d() ->
>     application:start(ssl),
>     {ok, L} =
>         ssl:listen(5432,
>                    [{active, false},
>                     {certfile, "/home/share/mbj/src/yaws/ssl/cert.example"},
>                     {keyfile, "/home/share/mbj/src/yaws/ssl/key.example"}]),
>     {ok, S} = ssl:accept(L),
>     {ok, Data} = ssl:recv(S, 0),
>     io:format("got ~p bytes\n", [length(Data)]),
>     timer:sleep(10000),
>     {ok, PeerName} = ssl:peername(S),
>     io:format("peername: ~p\n", [PeerName]),
>     ssl:close(S),
>     ssl:close(L).
>
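
Review bot: in the 988,990c989,991 hunk of the esock.c patch, the new bare "else" sends every cc < 0 result into the "proxy eof or error" branch, and the 452a453 hunk makes proxysock non-blocking, so a read that fails only because no data is ready yet (EAGAIN/EWOULDBLOCK, or EINTR) would be handled as EOF unless a branch outside the visible lines filters it first. Suggest checking errno before treating cc < 0 as EOF, and including errno in the DEBUGF text, since the 1000,1003d1000 hunk removes the only message that reported the cc < 0 case separately.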
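
The blocking write described in the first message, and what changes once the socket is non-blocking, shown as an added C example (not code from esock.c or from the thread). A Unix socketpair stands in for the esock/ssl_broker proxy socket, and the names set_nonblocking, fill_until_would_block, classify_read and demo are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed stand-in for the esock <-> ssl_broker proxy socket. */
enum rd_result { RD_DATA, RD_EOF, RD_RETRY, RD_ERROR };
static int set_nonblocking(int fd) {
    int fl = fcntl(fd, F_GETFL, 0);
    return fl < 0 ? -1 : fcntl(fd, F_SETFL, fl | O_NONBLOCK);
}

/* Write until the kernel buffers are full. A blocking socket would hang here
 * once the peer stops reading; a non-blocking one fails with EAGAIN instead. */
static long fill_until_would_block(int fd) {
    char chunk[4096];
    long total = 0;
    memset(chunk, 'x', sizeof chunk);
    for (;;) {
        ssize_t n = write(fd, chunk, sizeof chunk);
        if (n > 0) { total += n; continue; }
        if (n < 0 && errno == EINTR) continue;
        if (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) return total;
        return -1;  /* real error (or an unexpected zero-length write) */
    }
}

/* Classify a read() result so that "no data yet" is not mistaken for EOF. */
static enum rd_result classify_read(ssize_t cc, int err) {
    if (cc > 0) return RD_DATA;
    if (cc == 0) return RD_EOF;
    if (err == EAGAIN || err == EWOULDBLOCK || err == EINTR) return RD_RETRY;
    return RD_ERROR;
}

/* Returns the bytes queued before EAGAIN, or -1 on failure. */
static long demo(void) {
    int sv[2];
    long queued = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    if (set_nonblocking(sv[0]) == 0)
        queued = fill_until_would_block(sv[0]);  /* sv[1] never reads */
    close(sv[0]); close(sv[1]);
    return queued;
}

int main(void) { printf("queued %ld bytes before EAGAIN\n", demo()); return 0; }
```

Without the set_nonblocking() call the loop in fill_until_would_block() never returns, which is the state the esock process is in when the GETPEERNAME request arrives.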