On 10.11.2012, at 12.44, Erik A Johnson wrote: > imap-login processes are hanging (using 100% of CPU) when connected from a > client that is partially blocked by a firewall. It appears that imap-login > is stuck in a loop trying to complete an ssl handshake. imap-login is > working fine for other clients not blocked by the firewall (including > localhost). > > This is dovecot 2.1.10 under Mac OS X 10.8.2 (compiled from sources); the > firewall is Little Snitch 3.0.1 blocking port 993, which appears to let the > connection initiate but then squashes and disconnects the socket during ssl > handshaking. > > gdb backtrace and Activity Monitor's "Sample Process" show that imap-login is > stuck calling ioloop-kqueue's io_loop_handler_run -> io_loop_call_io -> > ssl_step repeatedly; dtruss shows that it is repeatedly making system calls > to kevent and read, the latter returning -1 with errno 57=ENOTCONN="Socket is > not connected". (I also tried ./configure --with-ioloop=poll and > --with-iopoll=select instead of the default best = kqueue but the results > were the same; --with-iopoll=epoll didn't work because epoll is not available > on this machine.) The client, initiated by the command "openssl s_client > -connect SERVER:993", first responds "CONNECTED(00000003)" but then > immediately the error "60278:error:140790E5:SSL routines:SSL23_WRITE:ssl > handshake > failure:/SourceCache/OpenSSL098/OpenSSL098-44/src/ssl/s23_lib.c:182:". The > infinite loop is in src/lib/ioloop.c in the function "io_loop_run" where the > statement "while (ioloop->running) io_loop_handler_run(ioloop)" is executed.
I wonder if this fixes it? http://hg.dovecot.org/dovecot-2.1/rev/e95479f439aa
