[ 
https://issues.apache.org/jira/browse/TS-3667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14635307#comment-14635307
 ] 

Susan Hinrichs commented on TS-3667:
------------------------------------

Thanks for the explanation.  I think I understand the issue now; however, I'm 
unable to replicate it.  Does your cert/sni callback reenable?  Or do you rely 
on another thread to reenable the vc after the cert has been loaded?

I can see your argument that SSL_accept should be called in the EAGAIN case.  
Just because there is no new data to read doesn't mean that there isn't new 
data to send.  But in the EOF and other read error cases, I don't see a benefit 
to going through SSL_accept. 

Would the following patch work for you [~oknet]?

{code}
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index e06f749..e5339a2 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -1074,16 +1074,10 @@ SSLNetVConnection::sslServerHandShakeEvent(int &err)
     // Read from socket to fill in the BIO buffer with the
     // raw handshake data before calling the ssl accept calls.
     int retval = this->read_raw_data();
-    if (retval < 0) {
-      if (retval == -EAGAIN) {
-        // No data at the moment, hang tight
-        SSLDebugVC(this, "SSL handshake: EAGAIN");
-        return SSL_HANDSHAKE_WANT_READ;
-      } else {
-        // An error, make us go away
-        SSLDebugVC(this, "SSL handshake error: read_retval=%d", retval);
-        return EVENT_ERROR;
-      }
+    if (retval < 0 && retval != -EAGAIN) {
+      // An error, make us go away
+      SSLDebugVC(this, "SSL handshake error: read_retval=%d", retval);
+      return EVENT_ERROR;
     } else if (retval == 0) {
       // EOF, go away, we stopped in the handshake
       SSLDebugVC(this, "SSL handshake error: EOF");
{code}
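
Review bot: The -EAGAIN case in sslServerHandShakeEvent is now an implicit fall-through. With `if (retval < 0 && retval != -EAGAIN)` followed by `else if (retval == 0)`, an EAGAIN result matches neither branch and continues past this block, and nothing in the hunk says that this is intended. Add a short comment stating that EAGAIN deliberately proceeds to the accept call because there may still be handshake data to send, and consider keeping an SSLDebugVC line for that case, since the removed "SSL handshake: EAGAIN" message was the only trace of it. The removed branch also returned SSL_HANDSHAKE_WANT_READ immediately when no data was available. The issue description names EAGAIN not being descheduled as a cause of the high CPU utilization, so please confirm that the code following this hunk still ends in a want-read return when the handshake makes no progress.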

> SSL Handshake read does not correctly handle EOF and error cases
> ----------------------------------------------------------------
>
>                 Key: TS-3667
>                 URL: https://issues.apache.org/jira/browse/TS-3667
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>    Affects Versions: 5.2.0, 5.3.0
>            Reporter: Susan Hinrichs
>            Assignee: Susan Hinrichs
>             Fix For: 5.3.1, 6.0.0
>
>         Attachments: ts-3667.diff
>
>
> Reported by [~esproul] and postwait.
> The return value of SSLNetVConnection::read_raw_data() is being ignored.  So 
> EOF and errors are not terminated, but rather spin until the inactivity 
> timeout is reached.  EAGAIN  is not being descheduled until more data is 
> available.
> This results in higher CPU utilization and hitting the SSL_error() function 
> much more than it needs to be hit.


