Project

General

Profile

Actions

Bug #14005

closed

[PATCH] webrick: do not hang acceptor on slow TLS connections

Added by normalperson (Eric Wong) over 6 years ago. Updated over 6 years ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
[ruby-core:83221]

Description

OpenSSL::SSL::SSLSocket#accept may block indefinitely on clients
which negotiate the TCP connection, but fail (or are slow) to
negotiate the subsequent TLS handshake. This prevents the
multi-threaded WEBrick server from accepting other connections.

Since the TLS handshake (via OpenSSL::SSL::SSLSocket#accept)
consists of normal read/write traffic over TCP, handle it in the
per-client thread, instead.

Furthermore, using non-blocking accept() is useful for non-TLS
sockets anyways because spurious wakeups are possible from
select(2).

  • lib/webrick/server.rb (accept_client): use TCPServer#accept_nonblock
    and remove OpenSSL::SSL::SSLSocket#accept call
  • lib/webrick/server.rb (start_thread): call OpenSSL::SSL::SSLSocket#accept
  • test/webrick/test_ssl_server.rb (test_slow_connect): new test

Files


Related issues 1 (0 open1 closed)

Related to Ruby master - Bug #14011: Appveyor failure - svn 60172 - ‘webrick: do not hang acceptor on slow TLS connections’Rejectednormalperson (Eric Wong)Actions
Actions #1

Updated by Anonymous over 6 years ago

  • Status changed from Open to Closed

Applied in changeset trunk|r60172.


webrick: do not hang acceptor on slow TLS connections

OpenSSL::SSL::SSLSocket#accept may block indefinitely on clients
which negotiate the TCP connection, but fail (or are slow) to
negotiate the subsequent TLS handshake. This prevents the
multi-threaded WEBrick server from accepting other connections.

Since the TLS handshake (via OpenSSL::SSL::SSLSocket#accept)
consists of normal read/write traffic over TCP, handle it in the
per-client thread, instead.

Furthermore, using non-blocking accept() is useful for non-TLS
sockets anyways because spurious wakeups are possible from
select(2).

  • lib/webrick/server.rb (accept_client): use TCPServer#accept_nonblock
    and remove OpenSSL::SSL::SSLSocket#accept call
  • lib/webrick/server.rb (start_thread): call OpenSSL::SSL::SSLSocket#accept
  • test/webrick/test_ssl_server.rb (test_slow_connect): new test
    [ruby-core:83221] [Bug #14005]
Actions #2

Updated by nagachika (Tomoyuki Chikanaga) over 6 years ago

  • Related to Bug #14011: Appveyor failure - svn 60172 - ‘webrick: do not hang acceptor on slow TLS connections’ added

Updated by normalperson (Eric Wong) over 6 years ago

  • Status changed from Closed to Open

needs r60211, too :x

Actions #4

Updated by normalperson (Eric Wong) over 6 years ago

  • Status changed from Open to Closed

Updated by nagachika (Tomoyuki Chikanaga) over 6 years ago

  • Backport changed from 2.3: REQUIRED, 2.4: REQUIRED to 2.3: REQUIRED, 2.4: DONE

ruby_2_4 r61239 merged revision(s) 60123,60172,60189,60208,60210,60211.

Updated by usa (Usaku NAKAMURA) over 6 years ago

  • Backport changed from 2.3: REQUIRED, 2.4: DONE to 2.3: DONE, 2.4: DONE

ruby_2_3 r61240 merged revision(s) 60172,60189,60208,60210,60211.

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0