#45808 [Com]: stream_socket_enable_crypto() blocks and eats CPU

[nasam at mailvault dot com]

 ID:               45808
 Comment by:       nasam at mailvault dot com
 Reported By:      six at aegis-corp dot org
 Status:           Open
 Bug Type:         Streams related
 Operating System: Linux 2.6
 PHP Version:      5.3.0alpha1
 New Comment:

Bug is in ext/openssl/xp_ssl.c
Function handle_ssl_error: (line 107)
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
       /* re-negotiation, or perhaps the SSL layer needs more
       * packets: retry in next iteration */
       errno = EAGAIN;
       retry = is_init ? 1 : sslsock->s.is_blocked; //BUG
       break;

it sets retry to 1 in php_openssl_enable_crypto no matter if socket is
blocking or not.


Previous Comments:
------------------------------------------------------------------------

[2008-09-25 10:06:09] six at aegis-corp dot org

the bug is still present in php5.3-200809232030

------------------------------------------------------------------------

[2008-09-24 01:20:29] six at aegis-corp dot org

the bug is still present in php5.3-200809232030

------------------------------------------------------------------------

[2008-09-23 01:00:00] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

------------------------------------------------------------------------

[2008-09-15 07:22:44] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows (zip):
 
  http://snaps.php.net/win32/php5.3-win32-latest.zip

For Windows (installer):

  http://snaps.php.net/win32/php5.3-win32-installer-latest.msi



------------------------------------------------------------------------

[2008-08-13 17:41:01] six at aegis-corp dot org

Description:
------------
The documentation says about stream_socket_enable_crypto :

Returns TRUE on success, FALSE if negotiation has failed or 0 if there
isn't enough data and you should try again (only for non-blocking
sockets). 

In practice, if you feed a non blocking server socket to it, it will
block and consume lots of CPU until the SSL/TLS handshake is done or the
client connection is dropped.

Reproduce code:
---------------
<?php

$s = stream_socket_server("tcp://127.0.0.1:8888");
$c = stream_socket_accept($s);
stream_set_blocking($c, false);

$ret = stream_socket_enable_crypto($c, true,
STREAM_CRYPTO_METHOD_TLS_SERVER);

var_dump($ret);

?>

then just "telnet localhost 8888" from another term

Expected result:
----------------
script should print "int(0)" and exit

Actual result:
--------------
script blocks at the stream_socket_enable_crypto() call and is stuck in
a CPU consuming loop until the client connection is either handshaked or
dropped.


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=45808&edit=1