feifeiiong opened a new issue #977: client端SSL相关问题。 URL: https://github.com/apache/incubator-brpc/issues/977 **Describe the bug (描述bug)** 最近某些服务在使用https过程中发现ssl有时会出现异常,具体表现在 socket.cpp中的DoRead函数(write也会有类似异常)。打印出 Fail to read from ssl_fd=id:Success 代码: ``` ssize_t nr = _read_buf.append_from_SSL_channel(_ssl_session, &ssl_error, size_hint); switch (ssl_error) { case SSL_ERROR_NONE: // `nr' > 0 break; case SSL_ERROR_WANT_READ: // Regard this error as EAGAIN errno = EAGAIN; break; case SSL_ERROR_WANT_WRITE: // Disable renegotiation errno = EPROTO; return -1; default: { const unsigned long e = ERR_get_error(); if (nr == 0) { // Socket EOF or SSL session EOF } else if (e != 0) { LOG(WARNING) << "Fail to read from ssl_fd=" << fd() << ": " << SSLError(e); errno = ESSL; } else { // System error with corresponding errno set PLOG(WARNING) << "Fail to read from ssl_fd=" << fd(); } break; } } return nr; ``` 因为未打印出错误码,无法定位Success是何种错误,此外,代码中似乎认为nr >0 一定对应了SSL_ERROR_NONE。不知道这种判断的依据是?发现ssl出现异常后,nr>0, 且errno = ESSL(),出现这种情况的原因暂时不确定,只能猜测是ssl context出现异常,且该异常出现后,后续ssl皆无法正常工作。因此想知道对这种异常应该如何处理?目前看Read和Write阶段均未判断这种情况,且都出现了类似的异常。 **To Reproduce (复现方法)** 未知。
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
