Project

General

Profile

Actions
Copy link

Bug #14005

closed

[PATCH] webrick: do not hang acceptor on slow TLS connections

Added by normalperson (Eric Wong) about 7 years ago. Updated almost 7 years ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
Backport:
2.3: DONE, 2.4: DONE
[ruby-core:83221]

Description

OpenSSL::SSL::SSLSocket#accept may block indefinitely on clients
which negotiate the TCP connection, but fail (or are slow) to
negotiate the subsequent TLS handshake. This prevents the
multi-threaded WEBrick server from accepting other connections.

Since the TLS handshake (via OpenSSL::SSL::SSLSocket#accept)
consists of normal read/write traffic over TCP, handle it in the
per-client thread, instead.

Furthermore, using non-blocking accept() is useful for non-TLS
sockets anyways because spurious wakeups are possible from
select(2).

  • lib/webrick/server.rb (accept_client): use TCPServer#accept_nonblock
    and remove OpenSSL::SSL::SSLSocket#accept call
  • lib/webrick/server.rb (start_thread): call OpenSSL::SSL::SSLSocket#accept
  • test/webrick/test_ssl_server.rb (test_slow_connect): new test

Files

0001-webrick-do-not-hang-acceptor-on-slow-TLS-connections.patch (4.12 KB) 0001-webrick-do-not-hang-acceptor-on-slow-TLS-connections.patch normalperson (Eric Wong), 10/11/2017 11:22 PM

Related issues 1 (0 open1 closed)

Related to Ruby master - Bug #14011: Appveyor failure - svn 60172 - ‘webrick: do not hang acceptor on slow TLS connections’Rejectednormalperson (Eric Wong)Actions
Actions
Copy link
 #1

Updated by Anonymous about 7 years ago

  • Status changed from Open to Closed

Applied in changeset trunk|r60172.

webrick: do not hang acceptor on slow TLS connections

OpenSSL::SSL::SSLSocket#accept may block indefinitely on clients
which negotiate the TCP connection, but fail (or are slow) to
negotiate the subsequent TLS handshake. This prevents the
multi-threaded WEBrick server from accepting other connections.

Since the TLS handshake (via OpenSSL::SSL::SSLSocket#accept)
consists of normal read/write traffic over TCP, handle it in the
per-client thread, instead.

Furthermore, using non-blocking accept() is useful for non-TLS
sockets anyways because spurious wakeups are possible from
select(2).

  • lib/webrick/server.rb (accept_client): use TCPServer#accept_nonblock
    and remove OpenSSL::SSL::SSLSocket#accept call
  • lib/webrick/server.rb (start_thread): call OpenSSL::SSL::SSLSocket#accept
  • test/webrick/test_ssl_server.rb (test_slow_connect): new test
    [ruby-core:83221] [Bug #14005]
Actions
Copy link
 #2

Updated by nagachika (Tomoyuki Chikanaga) about 7 years ago

  • Related to Bug #14011: Appveyor failure - svn 60172 - ‘webrick: do not hang acceptor on slow TLS connections’ added
Actions
Copy link
 #3 [ruby-core:83361]

Updated by normalperson (Eric Wong) about 7 years ago

  • Status changed from Closed to Open

needs r60211, too :x

Actions
Copy link
 #4

Updated by normalperson (Eric Wong) about 7 years ago

  • Status changed from Open to Closed
Actions
Copy link
 #5 [ruby-core:84262]

Updated by nagachika (Tomoyuki Chikanaga) almost 7 years ago

  • Backport changed from 2.3: REQUIRED, 2.4: REQUIRED to 2.3: REQUIRED, 2.4: DONE

ruby_2_4 r61239 merged revision(s) 60123,60172,60189,60208,60210,60211.

Actions
Copy link
 #6 [ruby-core:84264]

Updated by usa (Usaku NAKAMURA) almost 7 years ago

  • Backport changed from 2.3: REQUIRED, 2.4: DONE to 2.3: DONE, 2.4: DONE

ruby_2_3 r61240 merged revision(s) 60172,60189,60208,60210,60211.

Actions
Copy link

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0