Skip Menu |
 

This queue is for tickets about the IO-Socket-SSL CPAN distribution.

Report information
The Basics
Id: 61466
Status: resolved
Priority: 0/
Queue: IO-Socket-SSL

People
Owner: Nobody in particular
Requestors: kraih [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Critical
Broken in: 1.33
Fixed in: (no value)



Subject: fileno($socket) not working
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 494
Download (untitled) / with headers
text/plain 494b
Hi, fileno($socket) doesn't work after $socket->accept_SSL fails with an error (like a bad handshake). This in turn seems to break IO::Poll which only removes handles that return something else than undef on fileno($socket). $socket->fileno still works btw. but that doesn't help with the IO::Poll problem. In Mojolicious the whole issue results in leaking file descriptors, 100% cpu usage and crashing servers, a quick fix or workaround would be very much appreciated. Cheers, Sebastian
From Steffen_Ullrich [...] genua.de Mon Sep 20 01: 36:00 2010
MIME-Version: 1.0
X-Spam-Status: No, score=-10.598 tagged_above=-99.9 required=10 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, UNPARSEABLE_RELAY=0.001] autolearn=ham
In-Reply-To: <rt-3.8.HEAD-24883-1284931786-1473.61466-4-0 [...] rt.cpan.org>
Content-Disposition: inline
X-Spam-Flag: NO
References: <RT-Ticket-61466 [...] rt.cpan.org> <rt-3.8.HEAD-24883-1284931786-1473.61466-4-0 [...] rt.cpan.org>
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
Message-ID: <20100920053840.GA11591 [...] genua.de>
Content-Type: text/plain; charset="utf-8"
X-RT-Original-Encoding: utf-8
X-Spam-Score: -10.598
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id 9FF19240CE9 for <cpan-bug+IO-Socket-SSL [...] hipster.bestpractical.com>; Mon, 20 Sep 2010 01:36:00 -0400 (EDT)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B93TtdPli8KM for <cpan-bug+IO-Socket-SSL [...] hipster.bestpractical.com>; Mon, 20 Sep 2010 01:35:57 -0400 (EDT)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id 3E343240CE6 for <bug-IO-Socket-SSL [...] rt.cpan.org>; Mon, 20 Sep 2010 01:35:56 -0400 (EDT)
Received: (qmail 11764 invoked by uid 103); 20 Sep 2010 05:39:00 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 20 Sep 2010 05:39:00 -0000
Received: from gg.genua.de (HELO gg.genua.de) (151.136.100.2) by 16.mx.develooper.com (qpsmtpd/0.80) with ESMTP; Sun, 19 Sep 2010 22:38:58 -0700
Received: from gg.genua.de (localhost [127.0.0.1]) by gg.genua.de (8.14.3/8.14.3) with ESMTP id o8K5h2g9012013 for <bug-IO-Socket-SSL [...] rt.cpan.org>; Mon, 20 Sep 2010 07:43:02 +0200 (CEST)
Received: (from localhost) by gg.genua.de (MSCAN) id 4/gg.genua.de/smtp-gw/mscan; Mon Sep 20 07:43:02 2010
Delivered-To: cpan-bug+IO-Socket-SSL [...] hipster.bestpractical.com
Subject: Re: [rt.cpan.org #61466] fileno($socket) not working
User-Agent: Mutt/1.5.20 (2009-06-14)
Return-Path: <Steffen_Ullrich [...] genua.de>
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: cpan-bug+IO-Socket-SSL [...] hipster.bestpractical.com
X-RT-Mail-Extension: io-socket-ssl
Date: Mon, 20 Sep 2010 07:38:41 +0200
X-Spam-Level:
To: Sebastian Riedel via RT <bug-IO-Socket-SSL [...] rt.cpan.org>
From: Steffen Ullrich <Steffen_Ullrich [...] genua.de>
RT-Message-ID: <rt-3.8.HEAD-24883-1284961145-1426.61466-0-0 [...] rt.cpan.org>
Content-Length: 1386
Download (untitled) / with headers
text/plain 1.3k
Show quoted text
> > fileno($socket) doesn't work after $socket->accept_SSL fails with an error (like a bad > handshake). > This in turn seems to break IO::Poll which only removes handles that return something else than > undef on fileno($socket).
Please give an example program to reproduce the error, because in the following test program I cannot reproduce the error, e.g. both sock->fileno and fileno(sock) return the same valid value. Please make sure that the example program is as small as possible so that I can better verify that the problem is in IO::Socket::SSL and not some third party library or bad usage etc. ------- use strict; use warnings; use IO::Socket::SSL; # create Server on random port my $srv = IO::Socket::INET->new( LocalAddr => '0.0.0.0', Listen => 10 ) or die $!; my $saddr = $srv->sockhost.':'.$srv->sockport; # fork client defined(my $pid = fork()) or die $!; exit(client()) if $pid == 0; # wait for connect my $cl = $srv->accept; # try upgrade to SSL IO::Socket::SSL->start_SSL($cl, SSL_server => 1, SSL_verify_mode => 0x00, ) or warn $SSL_ERROR; warn 'fileno($cl)='.fileno($cl); warn '$cl->fileno='.$cl->fileno; # wait for client end wait; sub client { close($srv); # connect my $cl = IO::Socket::INET->new($saddr) or die $!; # just send stuff to let SSL handshake fail syswrite($cl,'x' x 1000) or die $!; # wait a bit before closing sleep(5); }
MIME-Version: 1.0
In-Reply-To: <rt-3.8.HEAD-24883-1284961145-1426.61466-0-0 [...] rt.cpan.org>
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
References: <RT-Ticket-61466 [...] rt.cpan.org> <rt-3.8.HEAD-24883-1284931786-1473.61466-4-0 [...] rt.cpan.org> <20100920053840.GA11591 [...] genua.de> <rt-3.8.HEAD-24883-1284961145-1426.61466-0-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-24873-1284966231-845.61466-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 517
Download (untitled) / with headers
text/plain 517b
Show quoted text
> Please give an example program to reproduce the error, because in the > following test program I cannot reproduce the error, e.g. both sock-
> >fileno
> and fileno(sock) return the same valid value.
Ok, i suspect the bug is related to non-blocking use then. I'll try to make a small test case but i guess it won't be easy, non-blocking tests seem quite sparse. In our code i've identified the exact line after which fileno($socket) stops working. http://github.com/kraih/mojo/blob/master/lib/Mojo/IOLoop.pm#L1124
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-24885-1284967382-579.61466-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 713
Download (untitled) / with headers
text/plain 713b
Just tried the test you posted before and it actually fails here for both fileno($socket) and $socket->fileno. SSL accept attempt failed with unknown errorerror:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol at sslbug.pl line 19. Use of uninitialized value in concatenation (.) or string at sslbug.pl line 26. fileno($cl)= at sslbug.pl line 26. Use of uninitialized value in concatenation (.) or string at sslbug.pl line 27. $cl->fileno= at sslbug.pl line 27. Only changes i've made were SSL_cert_file and SSL_key_file. (Using the bundled Mojo::IOLoop certificates) This is Mac OS X 10.6.4 with Perl 5.12.0 and the latest cpan versions of IO::Socket::SSL and Net::SSLeay.
From Steffen_Ullrich [...] genua.de Mon Sep 20 03: 24:07 2010
MIME-Version: 1.0
X-Spam-Status: No, score=-10.598 tagged_above=-99.9 required=10 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, UNPARSEABLE_RELAY=0.001] autolearn=ham
In-Reply-To: <rt-3.8.HEAD-24873-1284966231-855.61466-5-0 [...] rt.cpan.org>
Content-Disposition: inline
X-Spam-Flag: NO
References: <RT-Ticket-61466 [...] rt.cpan.org> <rt-3.8.HEAD-24883-1284931786-1473.61466-4-0 [...] rt.cpan.org> <20100920053840.GA11591 [...] genua.de> <rt-3.8.HEAD-24883-1284961145-1426.61466-5-0 [...] rt.cpan.org> <rt-3.8.HEAD-24873-1284966231-855.61466-5-0 [...] rt.cpan.org>
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
Message-ID: <20100920072650.GA14130 [...] genua.de>
Content-Type: text/plain; charset="utf-8"
X-RT-Original-Encoding: utf-8
X-Spam-Score: -10.598
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id 13E7E240CE9 for <cpan-bug+IO-Socket-SSL [...] hipster.bestpractical.com>; Mon, 20 Sep 2010 03:24:07 -0400 (EDT)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VrvHlRDCXFx0 for <cpan-bug+IO-Socket-SSL [...] hipster.bestpractical.com>; Mon, 20 Sep 2010 03:24:05 -0400 (EDT)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id 00C08240CE6 for <bug-IO-Socket-SSL [...] rt.cpan.org>; Mon, 20 Sep 2010 03:24:04 -0400 (EDT)
Received: (qmail 26306 invoked by uid 103); 20 Sep 2010 07:27:08 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 20 Sep 2010 07:27:08 -0000
Received: from gg.genua.de (HELO gg.genua.de) (151.136.100.2) by 16.mx.develooper.com (qpsmtpd/0.80) with ESMTP; Mon, 20 Sep 2010 00:27:06 -0700
Received: from gg.genua.de (localhost [127.0.0.1]) by gg.genua.de (8.14.3/8.14.3) with ESMTP id o8K7VBGE028489 for <bug-IO-Socket-SSL [...] rt.cpan.org>; Mon, 20 Sep 2010 09:31:11 +0200 (CEST)
Received: (from localhost) by gg.genua.de (MSCAN) id 4/gg.genua.de/smtp-gw/mscan; Mon Sep 20 09:31:11 2010
Delivered-To: cpan-bug+IO-Socket-SSL [...] hipster.bestpractical.com
Subject: Re: [rt.cpan.org #61466] fileno($socket) not working
User-Agent: Mutt/1.5.20 (2009-06-14)
Return-Path: <Steffen_Ullrich [...] genua.de>
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: cpan-bug+IO-Socket-SSL [...] hipster.bestpractical.com
X-RT-Mail-Extension: io-socket-ssl
Date: Mon, 20 Sep 2010 09:26:51 +0200
X-Spam-Level:
To: Sebastian Riedel via RT <bug-IO-Socket-SSL [...] rt.cpan.org>
From: Steffen Ullrich <Steffen_Ullrich [...] genua.de>
RT-Message-ID: <rt-3.8.HEAD-24888-1284967632-631.61466-0-0 [...] rt.cpan.org>
Content-Length: 731
Download (untitled) / with headers
text/plain 731b
Show quoted text
> Ok, i suspect the bug is related to non-blocking use then. > I'll try to make a small test case but i guess it won't be easy, non-blocking tests seem quite > sparse.
If I change in my test program the verify_mode to 0x01 or 0x02 both fileno(sock) and sock->fileno will be undef. It might be the case in your code, that fileno is still cached in _SSL_fileno but not valid any more. The reason is, that a failed accept_SSL might call ssl_fatal_error which will call kill_socket to close the socket unless you have provided an SSL_error_trap handler. So I guess what you need to do in your code is to provide an SSL_error_trap handler which removes the failed socket from the IOLoop before closing the socket. Regards, Steffen
MIME-Version: 1.0
In-Reply-To: <rt-3.8.HEAD-24888-1284967632-631.61466-0-0 [...] rt.cpan.org>
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
References: <RT-Ticket-61466 [...] rt.cpan.org> <rt-3.8.HEAD-24883-1284931786-1473.61466-4-0 [...] rt.cpan.org> <20100920053840.GA11591 [...] genua.de> <rt-3.8.HEAD-24883-1284961145-1426.61466-5-0 [...] rt.cpan.org> <rt-3.8.HEAD-24873-1284966231-855.61466-5-0 [...] rt.cpan.org> <20100920072650.GA14130 [...] genua.de> <rt-3.8.HEAD-24888-1284967632-631.61466-0-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-24873-1284970271-530.61466-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 328
Download (untitled) / with headers
text/plain 328b
Show quoted text
> So I guess what you need to do in your code is to provide an > SSL_error_trap > handler which removes the failed socket from the IOLoop before closing > the socket.
Thanks, worked like a charm, no chance i would have found this by myself. Disappearing sockets seem a bit wonky, but at least it's fixable, so i'm happy now. :)
MIME-Version: 1.0
In-Reply-To: <rt-3.8.HEAD-24873-1284970271-530.61466-0-0 [...] rt.cpan.org>
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
References: <RT-Ticket-61466 [...] rt.cpan.org> <rt-3.8.HEAD-24883-1284931786-1473.61466-4-0 [...] rt.cpan.org> <20100920053840.GA11591 [...] genua.de> <rt-3.8.HEAD-24883-1284961145-1426.61466-5-0 [...] rt.cpan.org> <rt-3.8.HEAD-24873-1284966231-855.61466-5-0 [...] rt.cpan.org> <20100920072650.GA14130 [...] genua.de> <rt-3.8.HEAD-24888-1284967632-631.61466-0-0 [...] rt.cpan.org> <rt-3.8.HEAD-24873-1284970271-530.61466-0-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-2357-1288601791-1736.61466-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 238
Download (untitled) / with headers
text/plain 238b
starting with version 1.34 the socket will not be closed after start_SSL failed, it will just be downgraded and then work like a non-ssl socket again. This will not change the behavior with SSL_error_trap, so your code should still work.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.