Hi Grant,
On 05/06/2017 12:41 AM, Grant Zhang wrote:
> Hi Emeric,
>
> Thanks for your review! Please see the updated patches and let me know if
> your comments have been properly addressed.
>
> Thanks,
>
> Grant
>
>
>
>
>
>
>
>> On May 2, 2017, at 04:49, Emeric Brun <[email protected]> wrote:
>>
>> Hi Grant,
>>
>>
>> An other issue:
>>
>> static void ssl_sock_close(struct connection *conn) {
>>
>> if (conn->xprt_ctx) {
>> if (global_ssl.async) {
>> /* the async fd is created and owned by the SSL
>> engine, which is
>> * responsible for fd closure. Here we are done with
>> the async fd
>> * thus disable the polling on it, as well as clean
>> up fdtab entry.
>> */
>> fd_stop_both(conn->async_fd);
>> fdtab[conn->async_fd].async = 0;
>> fdtab[conn->async_fd].state = 0;
>> }
>>
>>
>> If yout configure ssl-async without an engine or filtering on a unused algo.
>> This code is
>> called with an uninitialized conn->async_fd, resulting some of the time with
>> a segfault.
>>
>> R,
>> Emeric
>
The issue is still there:
+#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
+ if (openssl_engines_initialized && global_ssl.async) {
+ /* the async fd is created and owned by the SSL engine,
which is
+ * responsible for fd closure. Here we are done with
the async fd
+ * thus disable the polling on it, as well as clean up
fdtab entry.
+ */
+ fd_stop_both(conn->async_fd);
+ fdtab[conn->async_fd].async = 0;
+ fdtab[conn->async_fd].state = 0;
+ }
+#endif
If no WANT_ASYNC is returned, the 'conn->async_fd' could remain uninitialized
(for instance a conn witch doesn't use algo provided by the engine). A fix
would be to initialize global_ssl.async to '-1' and to test it.
I still have the daemonize issue: the main process stalled on a futex if dh
param 2048 is set:
global
tune.ssl.default-dh-param 2048
R,
Emeric
