Am 30.03.2015 um 09:51 schrieb John Denker via RT:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Contrast the following two examples:

#1:
time : | openssl s_client -connect www.openssl.org:443  >& /dev/null

real    0m0.545s
user    0m0.000s
sys     0m0.000s

#2:
time : | openssl s_client -quiet -connect www.openssl.org:443  >& /dev/null

real    0m21.255s
user    0m9.500s
sys     0m11.180s

- -----------

Note the numerology:   21.225 - 9.5 - 11.18 =  0.545
That means that if you discount the half second it takes to actually
fetch the certificate, s_client was using 100% of the cpu the whole
time ... for more than 20 seconds.

I cannot imagine why it loops when "-quiet" is specified and not
otherwise.  I cannot imagine why it loops for 20.5 seconds instead
of 20.5 minutes or 20.5 hours.

This is 100% reproducible chez moi, although the timings naturally
vary by a little bit.


(gdb) where
#0  0x00007ffff7903653 in __select_nocancel () at 
../sysdeps/unix/syscall-template.S:81
#1  0x0000000000434d73 in s_client_main (argc=0, argv=0x7fffffffe680) at 
s_client.c:1794
#2  0x00000000004039a8 in do_cmd (prog=0x990540, argc=4, argv=0x7fffffffe660) 
at openssl.c:470
#3  0x00000000004035b8 in main (Argc=4, Argv=0x7fffffffe660) at openssl.c:366

That's maybe due to your chosen pipe shell construct. I can see the same behavior, if I choose to let s_client read from /dev/null and set "-quiet". It then loops trying to read from /dev/null, getting 0 bytes but not EOF back. Without -quiet this does not happen. More precisely it seems to happen with -ign_eof, which is set as a side effect of -quiet.

Reading from /dev/null without -ign_eof lets s_client end immediately after the connect, with -ign_eof it hangs for 20 seconds (web server timeout?) and eats 1 CPU during that time doing a lot of reads from /dev/null.

The behavior is probably due to the following code snippet in s_client:

...
                i = raw_read_stdin(cbuf, BUFSIZZ);

            if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q'))) {
                BIO_printf(bio_err, "DONE\n");
                ret = 0;
                goto shut;
            }

Here I expect i==0, so without -ign_eof the code breaks the loop and goes to "shut".

So this probably works as designed and when just running

openssl s_client -connect www.openssl.org:443

you shouldn't notice CPU hogging. Why -ign_eof is set as a side effect of -quiet I do not know.

Regards,

Rainer
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to