Am 30.03.2015 um 09:51 schrieb John Denker via RT: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Contrast the following two examples: > > #1: > time : | openssl s_client -connect www.openssl.org:443 >& /dev/null > > real 0m0.545s > user 0m0.000s > sys 0m0.000s > > #2: > time : | openssl s_client -quiet -connect www.openssl.org:443 >& /dev/null > > real 0m21.255s > user 0m9.500s > sys 0m11.180s > > - ----------- > > Note the numerology: 21.225 - 9.5 - 11.18 = 0.545 > That means that if you discount the half second it takes to actually > fetch the certificate, s_client was using 100% of the cpu the whole > time ... for more than 20 seconds. > > I cannot imagine why it loops when "-quiet" is specified and not > otherwise. I cannot imagine why it loops for 20.5 seconds instead > of 20.5 minutes or 20.5 hours. > > This is 100% reproducible chez moi, although the timings naturally > vary by a little bit. > > > (gdb) where > #0 0x00007ffff7903653 in __select_nocancel () at > ../sysdeps/unix/syscall-template.S:81 > #1 0x0000000000434d73 in s_client_main (argc=0, argv=0x7fffffffe680) at > s_client.c:1794 > #2 0x00000000004039a8 in do_cmd (prog=0x990540, argc=4, argv=0x7fffffffe660) > at openssl.c:470 > #3 0x00000000004035b8 in main (Argc=4, Argv=0x7fffffffe660) at openssl.c:366
That's maybe due to your chosen pipe shell construct. I can see the same behavior, if I choose to let s_client read from /dev/null and set "-quiet". It then loops trying to read from /dev/null, getting 0 bytes but not EOF back. Without -quiet this does not happen. More precisely it seems to happen with -ign_eof, which is set as a side effect of -quiet. Reading from /dev/null without -ign_eof lets s_client end immediately after the connect, with -ign_eof it hangs for 20 seconds (web server timeout?) and eats 1 CPU during that time doing a lot of reads from /dev/null. The behavior is probably due to the following code snippet in s_client: ... i = raw_read_stdin(cbuf, BUFSIZZ); if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q'))) { BIO_printf(bio_err, "DONE\n"); ret = 0; goto shut; } Here I expect i==0, so without -ign_eof the code breaks the loop and goes to "shut". So this probably works as designed and when just running openssl s_client -connect www.openssl.org:443 you shouldn't notice CPU hogging. Why -ign_eof is set as a side effect of -quiet I do not know. Regards, Rainer _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev