Bug #8590
closedSecond call of https.get results in timeout
Description
Hi,
In the following code, second call of https.get results in an error "Connection reset by peer - SSL_connect" after timeout.
require "net/https"
https = Net::HTTP.new("secure.nicovideo.jp", 443)
#https = Net::HTTP.new("www.sbisec.co.jp", 443) # same result for this server
https.use_ssl = true
https.ssl_version = 'TLSv1'
https.start{ p https.get('/') } #=> OK
https.start{ p https.get('/') } #=> (Timeout)
Expected: prints response twice
Actual: prints response once, and raises the following error after timeout
/Users/yhara/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/net/http.rb:918:in connect': Connection reset by peer - SSL_connect (Errno::ECONNRESET) from /Users/yhara/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/net/http.rb:918:in
block in connect'
from /Users/yhara/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/timeout.rb:52:in timeout' from /Users/yhara/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/net/http.rb:918:in
connect'
from /Users/yhara/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/net/http.rb:862:in do_start' from /Users/yhara/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/net/http.rb:851:in
start'
Is this a bug of Net::HTTP, or a problem of the server, or just I'm doing something wrong?
Thanks in advance.
Files
Updated by zzak (zzak _) over 11 years ago
- Status changed from Open to Assigned
- Assignee set to naruse (Yui NARUSE)
Updated by Glass_saga (Masaki Matsushita) over 11 years ago
It can be reproduced on trunk r41889.
Updated by naruse (Yui NARUSE) over 11 years ago
- Status changed from Assigned to Feedback
I can't reproduce on
- ruby 2.1.0dev (2013-07-10 trunk 41892) [x86_64-freebsd9.1]
- OpenSSL 0.9.8y 5 Feb 2013
Feedback and patch is welcome
Updated by drbrain (Eric Hodel) over 11 years ago
=begin
I can reproduce it with OpenSSL 1.0.1e 11 Feb 2013 and ruby trunk, it seems related to SSL session reuse.
(({openssl s_client})) for 1.0.1e behaves strangely with this server, however. (({openssl s_client -host secure.nicovideo.jp -port 443})) times out, (({openssl s_client -host secure.nicovideo.jp -port 443 -tls1})) connects successfully. Adding the (({-reconnect})) flag does not produce the timeout for subsequent connections.
With the attached patch the following test.rb attaches successfully twice:
require "net/https"
https = Net::HTTP.new("secure.nicovideo.jp", 443)
#https = Net::HTTP.new("www.sbisec.co.jp", 443) # same result for this server
https.open_timeout = 5
https.use_ssl = true
https.reuse_ssl_session = false
https.ssl_version = 'TLSv1'
https.start{ p https.get('/') } #=> OK
https.start{ p https.get('/') } #=> (Timeout)
May I commit?
=end
Updated by naruse (Yui NARUSE) over 11 years ago
drbrain (Eric Hodel) wrote:
I can reproduce it with OpenSSL 1.0.1e 11 Feb 2013 and ruby trunk, it seems related to SSL session reuse.
(({openssl s_client})) for 1.0.1e behaves strangely with this server, however. (({openssl s_client -host secure.nicovideo.jp -port 443})) times out, (({openssl s_client -host secure.nicovideo.jp -port 443 -tls1})) connects successfully. Adding the (({-reconnect})) flag does not produce the timeout for subsequent connections.
With the attached patch the following test.rb attaches successfully twice:
require "net/https"
https = Net::HTTP.new("secure.nicovideo.jp", 443)
#https = Net::HTTP.new("www.sbisec.co.jp", 443) # same result for this serverhttps.open_timeout = 5
https.use_ssl = true
https.reuse_ssl_session = false
https.ssl_version = 'TLSv1'
https.start{ p https.get('/') } #=> OK
https.start{ p https.get('/') } #=> (Timeout)May I commit?
The reuse_ssl_session = false feels workaround; it can't be applied generally.
As far as I understand, this is because SSL-related timeout won't be reconnected though normal HTTP is reconnected automatically.
Therefore https should also reconnect automatically.
Updated by hsbt (Hiroshi SHIBATA) almost 11 years ago
- Target version changed from 2.1.0 to 2.2.0
Updated by naruse (Yui NARUSE) almost 7 years ago
- Target version deleted (
2.2.0)
Updated by jeremyevans0 (Jeremy Evans) over 5 years ago
- Backport deleted (
1.9.3: UNKNOWN, 2.0.0: UNKNOWN) - Status changed from Feedback to Closed
I think this was fixed by 711ece42cddc4737a4b1667b1f20ca74030d0255.