Re: SSL3_accept makes Server stuck
Jinsong Du wrote:
> I have a simple server using a blocked socket and OpenSSL; its only function is for users registering an account. When a user connects to this server, it spawns a child process to handle the request. I found that sometimes child processes got stuck.

The problem here is: what if 2 users connect at the same moment (at TCP level), but only one of them completes the SSL hello sequence? If the one that didn't complete the SSL hello sequence gets to be serviced by ssl3_accept() first, then you will find the other users (and any subsequent users) will be starved of CPU time to service their connection. This is because your parent process is blocked expecting to process TCP data (that never arrives).

The problem is application design: you need to separate the processing of TCP level socket processing on accept from SSL level socket processing on accept.

Darryl
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]

RE: SSL3_accept makes Server stuck
> Jinsong Du wrote:
> > I have a simple server using a blocked socket and OpenSSL; its only function is for users registering an account. When a user connects to this server, it spawns a child process to handle the request. I found that sometimes child processes got stuck.
>
> The problem here is: what if 2 users connect at the same moment (at TCP level), but only one of them completes the SSL hello sequence? If the one that didn't complete the SSL hello sequence gets to be serviced by ssl3_accept() first, then you will find the other users (and any subsequent users) will be starved of CPU time to service their connection. This is because your parent process is blocked expecting to process TCP data (that never arrives).
>
> The problem is application design: you need to separate the processing of TCP level socket processing on accept from SSL level socket processing on accept.

This is an interesting gotcha that should probably be added to everyone's mental list of ways that OpenSSL connections are different from normal TCP connections.

It's tempting to say to the OP, "Well, duh, blocking functions block. You shouldn't call a blocking function if there's anything else you might need to do." But the OP can simply respond, "Accepting SSL connections on that socket is the only thing I want to do."

So the quirk is that SSL_accept, unlike a normal accept, can block indefinitely even though a new connection could be accepted without blocking. It can get 'stuck on the slow connection' even if there are fast connections. Arguably, this makes a blocking SSL_accept nearly useless.

DS

Re: SSL3_accept makes Server stuck
Kyle is right, I didn't set SO_KEEPALIVE on the socket in my server. Do I have to set SO_KEEPALIVE to avoid this situation on the server side? Since I use select in the main loop to deal with the timeout situation, is there any other way to prevent the OpenSSL library from waiting to read a socket indefinitely?

Thanks
-J Du

On Tue, Aug 5, 2008 at 2:11 PM, Kyle Hamilton [EMAIL PROTECTED] wrote:
> Because no data has been transmitted on the socket, the client didn't send an RST, and SO_KEEPALIVE wasn't set on the socket.
>
> -Kyle H

Re: SSL3_accept makes Server stuck
Put your sockets into nonblocking mode (with fcntl()). If they would block and you try to read them, the system call will return with EWOULDBLOCK.

Other than that, you can set an alarm; a signal will interrupt a system call. You might wish to set your signal handler to be a function that resets itself as the signal handler for SIGALRM and returns, because:

a) the default action for SIGALRM is to terminate the process
b) some UNIX implementations clear or disable the signal handler when the signal is raised

You should, of course, clear and reset the alarm after you read the data, so that the timeout is per-read and not per-process.

-Kyle H

On Thu, Aug 7, 2008 at 2:36 PM, Du, Jinsong [EMAIL PROTECTED] wrote:
> Kyle is right, I didn't set SO_KEEPALIVE on the socket in my server. Do I have to set SO_KEEPALIVE to avoid this situation on the server side? Since I use select in the main loop to deal with the timeout situation, is there any other way to prevent the OpenSSL library from waiting to read a socket indefinitely?
>
> Thanks
> -J Du
>
> On Tue, Aug 5, 2008 at 2:11 PM, Kyle Hamilton [EMAIL PROTECTED] wrote:
> > Because no data has been transmitted on the socket, the client didn't send an RST, and SO_KEEPALIVE wasn't set on the socket.
> >
> > -Kyle H

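The non-blocking approach from the message above, shown at the plain socket layer where the backtrace in this thread is parked in read(); this is an added example, not code from the thread or from OpenSSL. The helper names and the -2 timeout code are assumptions for illustration, and a socketpair stands in for a client that connects and then stays silent.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

/* Non-blocking mode: read() fails with EAGAIN/EWOULDBLOCK instead of sleeping. */
static int set_nonblocking(int fd) {
    int flags = fcntl(fd, F_GETFL, 0);
    return flags < 0 ? -1 : fcntl(fd, F_SETFL, flags | O_NONBLOCK);
}

/* SO_KEEPALIVE: the kernel probes an idle peer, so a vanished client
 * eventually becomes a socket error instead of staying ESTABLISHED. */
static int enable_keepalive(int fd) {
    int on = 1;
    return setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof on);
}

static long now_ms(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (long)ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* Hypothetical helper: read from a non-blocking fd, waiting at most
 * timeout_ms in total. Returns bytes read, 0 on orderly close, -1 on
 * error, -2 when the deadline passes with no data from the peer. */
static ssize_t read_with_deadline(int fd, void *buf, size_t len, int timeout_ms) {
    long deadline = now_ms() + timeout_ms;
    for (;;) {
        ssize_t n = read(fd, buf, len);
        if (n >= 0) return n;
        if (errno == EINTR) continue;
        if (errno != EAGAIN && errno != EWOULDBLOCK) return -1;
        long left = deadline - now_ms();
        if (left <= 0) return -2;
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int r = poll(&p, 1, (int)left);
        if (r == 0) return -2;   /* nothing arrived before the deadline */
        if (r < 0 && errno != EINTR) return -1;
    }
}

int main(void) {   /* constructed demo: a connected peer that never sends */
    int sv[2];
    char buf[64];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 1;
    if (set_nonblocking(sv[0]) != 0) return 1;
    enable_keepalive(sv[0]);
    return read_with_deadline(sv[0], buf, sizeof buf, 500) == -2 ? 0 : 1;
}
```

With OpenSSL on a non-blocking socket, the same deadline loop wraps SSL_accept(): poll when SSL_get_error() returns SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, and close the connection once the deadline passes.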
Re: SSL3_accept makes Server stuck
Hi Urjit,

Unfortunately, I can't reach the computers with the problem when running the client software; I don't even know where they are. I just checked the server, and the stuck process is still there, running for more than two weeks:

    20743 jdu./reg_mpt 14-18:43:57

    #ls /proc/20743/fd/ -l
    total 4
    lr-x-- 1 jdu jdu 64 2008-08-05 08:00 0 - /dev/null
    l-wx-- 1 jdu jdu 64 2008-08-05 08:00 1 - /home/.
    l-wx-- 1 jdu jdu 64 2008-08-05 08:00 2 - /home/.
    lrwx-- 1 jdu jdu 64 2008-08-05 08:00 4 - socket:[210395564]

After

    # lsof | grep 20743
    reg_mpt 20743jdu0r CHR 1,3 861 /dev/null
    reg_mpt 20743jdu1w REG 9,3 32814994 6784 /home/.
    reg_mpt 20743jdu2w REG 9,3 32814994 6784 /home/.
    reg_mpt 20743jdu4u IPv4 210395564 TCP xxx.xxx.net:17117-2x.9x.x0.x0.xxx.xxx.xxx.xxx:19048 (ESTABLISHED)

I don't think that socket connection is still there, but why is Linux not aware of the broken socket connection?

On Sun, Aug 3, 2008 at 10:20 PM, Urjit Gokhale [EMAIL PROTECTED] wrote:
> Looks like the server doesn't even get the Client hello message. Did you check the state of your client? Is it stuck in SSL_connect (it should be, I believe)? Where is it stuck? Use the s_client / s_server applications (they come with openssl), if possible, to figure out the issue. You may wish to use strace or the like to figure out what calls your client/server make. This may hint towards the problem. Let us know what you get, and we might be able to help you further.
>
> ~ Urjit
>
> ----- Original Message -----
> From: Jinsong Du [EMAIL PROTECTED]
> To: openssl-users@openssl.org
> Sent: Friday, August 01, 2008 4:07 AM
> Subject: SSL3_accept makes Server stuck
>
> (I sent the following post through Google Group, but it seems not to appear on the mailing list)
>
> Hi all,
>
> I have a simple server using a blocked socket and OpenSSL; its only function is for users registering an account. When a user connects to this server, it spawns a child process to handle the request. I found that sometimes child processes got stuck. I checked these malfunctioning processes with gdb, and got the following output:
>
>     (gdb) bt
>     #0 0x2b80dffd7352 in read () from /lib/libc.so.6
>     #1 0x2b80de4160a1 in BIO_new_socket () from /usr/lib/libcrypto.so.0.9.8
>     #2 0x2b80de41449f in BIO_read () from /usr/lib/libcrypto.so.0.9.8
>     #3 0x2b80de23d57d in ssl3_read_n () from /usr/lib/libssl.so.0.9.8
>     #4 0x2b80de23dabd in ssl3_read_bytes () from /usr/lib/libssl.so.0.9.8
>     #5 0x2b80de23e795 in ssl3_get_message () from /usr/lib/libssl.so.0.9.8
>     #6 0x2b80de2340aa in ssl3_check_client_hello () from /usr/lib/libssl.so.0.9.8
>     #7 0x2b80de236855 in ssl3_accept () from /usr/lib/libssl.so.0.9.8
>     #8 0x00437945 in main ()
>
> It seems like during the function call of ssl3_accept(), the server waits for a handshaking packet from the user machine, but never gets it. Or maybe the user machine was cut off from the Internet accidentally, so the server never got any hint and still waits for input. The socket is a blocked one.
>
> Does anyone have any idea about this situation?
>
> Thanks in advance.

Re: SSL3_accept makes Server stuck
Because no data has been transmitted on the socket, the client didn't send an RST, and SO_KEEPALIVE wasn't set on the socket.

-Kyle H

On Tue, Aug 5, 2008 at 10:19 AM, Du, Jinsong [EMAIL PROTECTED] wrote:
> Hi Urjit,
>
> Unfortunately, I can't reach the computers with the problem when running the client software; I don't even know where they are. I just checked the server, and the stuck process is still there, running for more than two weeks:
>
>     20743 jdu./reg_mpt 14-18:43:57
>
>     #ls /proc/20743/fd/ -l
>     total 4
>     lr-x-- 1 jdu jdu 64 2008-08-05 08:00 0 - /dev/null
>     l-wx-- 1 jdu jdu 64 2008-08-05 08:00 1 - /home/.
>     l-wx-- 1 jdu jdu 64 2008-08-05 08:00 2 - /home/.
>     lrwx-- 1 jdu jdu 64 2008-08-05 08:00 4 - socket:[210395564]
>
> After
>
>     # lsof | grep 20743
>     reg_mpt 20743jdu0r CHR 1,3 861 /dev/null
>     reg_mpt 20743jdu1w REG 9,3 32814994 6784 /home/.
>     reg_mpt 20743jdu2w REG 9,3 32814994 6784 /home/.
>     reg_mpt 20743jdu4u IPv4 210395564 TCP xxx.xxx.net:17117-2x.9x.x0.x0.xxx.xxx.xxx.xxx:19048 (ESTABLISHED)
>
> I don't think that socket connection is still there, but why is Linux not aware of the broken socket connection?
>
> On Sun, Aug 3, 2008 at 10:20 PM, Urjit Gokhale [EMAIL PROTECTED] wrote:
> > Looks like the server doesn't even get the Client hello message. Did you check the state of your client? Is it stuck in SSL_connect (it should be, I believe)? Where is it stuck? Use the s_client / s_server applications (they come with openssl), if possible, to figure out the issue. You may wish to use strace or the like to figure out what calls your client/server make. This may hint towards the problem. Let us know what you get, and we might be able to help you further.
> >
> > ~ Urjit
> >
> > ----- Original Message -----
> > From: Jinsong Du [EMAIL PROTECTED]
> > To: openssl-users@openssl.org
> > Sent: Friday, August 01, 2008 4:07 AM
> > Subject: SSL3_accept makes Server stuck
> >
> > (I sent the following post through Google Group, but it seems not to appear on the mailing list)
> >
> > Hi all,
> >
> > I have a simple server using a blocked socket and OpenSSL; its only function is for users registering an account. When a user connects to this server, it spawns a child process to handle the request. I found that sometimes child processes got stuck. I checked these malfunctioning processes with gdb, and got the following output:
> >
> >     (gdb) bt
> >     #0 0x2b80dffd7352 in read () from /lib/libc.so.6
> >     #1 0x2b80de4160a1 in BIO_new_socket () from /usr/lib/libcrypto.so.0.9.8
> >     #2 0x2b80de41449f in BIO_read () from /usr/lib/libcrypto.so.0.9.8
> >     #3 0x2b80de23d57d in ssl3_read_n () from /usr/lib/libssl.so.0.9.8
> >     #4 0x2b80de23dabd in ssl3_read_bytes () from /usr/lib/libssl.so.0.9.8
> >     #5 0x2b80de23e795 in ssl3_get_message () from /usr/lib/libssl.so.0.9.8
> >     #6 0x2b80de2340aa in ssl3_check_client_hello () from /usr/lib/libssl.so.0.9.8
> >     #7 0x2b80de236855 in ssl3_accept () from /usr/lib/libssl.so.0.9.8
> >     #8 0x00437945 in main ()
> >
> > It seems like during the function call of ssl3_accept(), the server waits for a handshaking packet from the user machine, but never gets it. Or maybe the user machine was cut off from the Internet accidentally, so the server never got any hint and still waits for input. The socket is a blocked one.
> >
> > Does anyone have any idea about this situation?
> >
> > Thanks in advance.

Re: SSL3_accept makes Server stuck
Looks like the server doesn't even get the Client hello message. Did you check the state of your client? Is it stuck in SSL_connect (it should be, I believe)? Where is it stuck? Use the s_client / s_server applications (they come with openssl), if possible, to figure out the issue. You may wish to use strace or the like to figure out what calls your client/server make. This may hint towards the problem. Let us know what you get, and we might be able to help you further.

~ Urjit

----- Original Message -----
From: Jinsong Du [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Friday, August 01, 2008 4:07 AM
Subject: SSL3_accept makes Server stuck

(I sent the following post through Google Group, but it seems not to appear on the mailing list)

Hi all,

I have a simple server using a blocked socket and OpenSSL; its only function is for users registering an account. When a user connects to this server, it spawns a child process to handle the request. I found that sometimes child processes got stuck. I checked these malfunctioning processes with gdb, and got the following output:

    (gdb) bt
    #0 0x2b80dffd7352 in read () from /lib/libc.so.6
    #1 0x2b80de4160a1 in BIO_new_socket () from /usr/lib/libcrypto.so.0.9.8
    #2 0x2b80de41449f in BIO_read () from /usr/lib/libcrypto.so.0.9.8
    #3 0x2b80de23d57d in ssl3_read_n () from /usr/lib/libssl.so.0.9.8
    #4 0x2b80de23dabd in ssl3_read_bytes () from /usr/lib/libssl.so.0.9.8
    #5 0x2b80de23e795 in ssl3_get_message () from /usr/lib/libssl.so.0.9.8
    #6 0x2b80de2340aa in ssl3_check_client_hello () from /usr/lib/libssl.so.0.9.8
    #7 0x2b80de236855 in ssl3_accept () from /usr/lib/libssl.so.0.9.8
    #8 0x00437945 in main ()

It seems like during the function call of ssl3_accept(), the server waits for a handshaking packet from the user machine, but never gets it. Or maybe the user machine was cut off from the Internet accidentally, so the server never got any hint and still waits for input. The socket is a blocked one.

Does anyone have any idea about this situation?

Thanks in advance.

DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails.

SSL3_accept makes Server stuck
(I sent the following post through Google Group, but it seems not to appear on the mailing list)

Hi all,

I have a simple server using a blocked socket and OpenSSL; its only function is for users registering an account. When a user connects to this server, it spawns a child process to handle the request. I found that sometimes child processes got stuck. I checked these malfunctioning processes with gdb, and got the following output:

    (gdb) bt
    #0 0x2b80dffd7352 in read () from /lib/libc.so.6
    #1 0x2b80de4160a1 in BIO_new_socket () from /usr/lib/libcrypto.so.0.9.8
    #2 0x2b80de41449f in BIO_read () from /usr/lib/libcrypto.so.0.9.8
    #3 0x2b80de23d57d in ssl3_read_n () from /usr/lib/libssl.so.0.9.8
    #4 0x2b80de23dabd in ssl3_read_bytes () from /usr/lib/libssl.so.0.9.8
    #5 0x2b80de23e795 in ssl3_get_message () from /usr/lib/libssl.so.0.9.8
    #6 0x2b80de2340aa in ssl3_check_client_hello () from /usr/lib/libssl.so.0.9.8
    #7 0x2b80de236855 in ssl3_accept () from /usr/lib/libssl.so.0.9.8
    #8 0x00437945 in main ()

It seems like during the function call of ssl3_accept(), the server waits for a handshaking packet from the user machine, but never gets it. Or maybe the user machine was cut off from the Internet accidentally, so the server never got any hint and still waits for input. The socket is a blocked one.

Does anyone have any idea about this situation?

Thanks in advance.