Copilot commented on code in PR #3296:
URL: https://github.com/apache/brpc/pull/3296#discussion_r3234680121
##########
src/brpc/socket.cpp:
##########
@@ -2004,20 +2025,32 @@ int Socket::SSLHandshake(int fd, bool server_mode) {
switch (ssl_error) {
case SSL_ERROR_WANT_READ:
#if defined(OS_LINUX)
- if (bthread_fd_wait(fd, EPOLLIN) != 0) {
+ if (bthread_fd_timedwait(fd, EPOLLIN, abstime) != 0) {
#elif defined(OS_MACOSX)
- if (bthread_fd_wait(fd, EVFILT_READ) != 0) {
+ if (bthread_fd_timedwait(fd, EVFILT_READ, abstime) != 0) {
#endif
+ if (errno == ETIMEDOUT) {
+ LOG(WARNING) << "SSL handshake timed out after "
+ << handshake_timeout_ms
+ << "ms while waiting for peer data on fd="
+ << fd << " remote_side=" << _remote_side;
Review Comment:
On handshake timeout, `bthread_fd_timedwait` leaves `errno=ETIMEDOUT`, and
SSLHandshake returns -1. In the client connect path, ETIMEDOUT is treated as a
TCP connect timeout and contributes to `num_continuous_connect_timeouts`
(potentially being translated to ENETUNREACH). Consider mapping SSL handshake
timeouts to a distinct error (or otherwise preventing them from being counted
as connect timeouts) to avoid misclassifying TLS misconfiguration as network
reachability failures.
This issue also appears on line 2048 of the same file.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
