Bug #8590
closedSecond call of https.get results in timeout
Description
Hi,
In the following code, second call of https.get results in an error "Connection reset by peer - SSL_connect" after timeout.
require "net/https"
https = Net::HTTP.new("secure.nicovideo.jp", 443)
#https = Net::HTTP.new("www.sbisec.co.jp", 443)  # same result for this server
https.use_ssl = true
https.ssl_version = 'TLSv1'
https.start{ p https.get('/') }  #=> OK
https.start{ p https.get('/') }  #=> (Timeout)¶
Expected: prints response twice
Actual: prints response once, and raises the following error after timeout
/Users/yhara/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/net/http.rb:918:in connect': Connection reset by peer - SSL_connect (Errno::ECONNRESET) from /Users/yhara/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/net/http.rb:918:in block in connect'
from /Users/yhara/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/timeout.rb:52:in timeout' from /Users/yhara/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/net/http.rb:918:in connect'
from /Users/yhara/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/net/http.rb:862:in do_start' from /Users/yhara/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/net/http.rb:851:in start'
Is this a bug of Net::HTTP, or a problem of the server, or just I'm doing something wrong?
Thanks in advance.
Files
        
           Updated by zzak (zzak _) over 12 years ago
          Updated by zzak (zzak _) over 12 years ago
          
          
        
        
      
      - Status changed from Open to Assigned
- Assignee set to naruse (Yui NARUSE)
        
           Updated by Glass_saga (Masaki Matsushita) over 12 years ago
          Updated by Glass_saga (Masaki Matsushita) over 12 years ago
          
          
        
        
      
      It can be reproduced on trunk r41889.
        
           Updated by naruse (Yui NARUSE) over 12 years ago
          Updated by naruse (Yui NARUSE) over 12 years ago
          
          
        
        
      
      - Status changed from Assigned to Feedback
I can't reproduce on
- ruby 2.1.0dev (2013-07-10 trunk 41892) [x86_64-freebsd9.1]
- OpenSSL 0.9.8y 5 Feb 2013
Feedback and patch is welcome
        
           Updated by drbrain (Eric Hodel) over 12 years ago
          Updated by drbrain (Eric Hodel) over 12 years ago
          
          
        
        
      
      =begin
I can reproduce it with OpenSSL 1.0.1e 11 Feb 2013 and ruby trunk, it seems related to SSL session reuse.
(({openssl s_client})) for 1.0.1e behaves strangely with this server, however. (({openssl s_client -host secure.nicovideo.jp -port 443})) times out, (({openssl s_client -host secure.nicovideo.jp -port 443 -tls1})) connects successfully. Adding the (({-reconnect})) flag does not produce the timeout for subsequent connections.
With the attached patch the following test.rb attaches successfully twice:
require "net/https"
https = Net::HTTP.new("secure.nicovideo.jp", 443)
#https = Net::HTTP.new("www.sbisec.co.jp", 443)  # same result for this server
https.open_timeout = 5
https.use_ssl = true
https.reuse_ssl_session = false
https.ssl_version = 'TLSv1'
https.start{ p https.get('/') }  #=> OK
https.start{ p https.get('/') }  #=> (Timeout)
May I commit?
=end
        
           Updated by naruse (Yui NARUSE) over 12 years ago
          Updated by naruse (Yui NARUSE) over 12 years ago
          
          
        
        
      
      drbrain (Eric Hodel) wrote:
I can reproduce it with OpenSSL 1.0.1e 11 Feb 2013 and ruby trunk, it seems related to SSL session reuse.
(({openssl s_client})) for 1.0.1e behaves strangely with this server, however. (({openssl s_client -host secure.nicovideo.jp -port 443})) times out, (({openssl s_client -host secure.nicovideo.jp -port 443 -tls1})) connects successfully. Adding the (({-reconnect})) flag does not produce the timeout for subsequent connections.
With the attached patch the following test.rb attaches successfully twice:
require "net/https"
https = Net::HTTP.new("secure.nicovideo.jp", 443)
#https = Net::HTTP.new("www.sbisec.co.jp", 443) # same result for this serverhttps.open_timeout = 5
https.use_ssl = true
https.reuse_ssl_session = false
https.ssl_version = 'TLSv1'
https.start{ p https.get('/') } #=> OK
https.start{ p https.get('/') } #=> (Timeout)May I commit?
The reuse_ssl_session = false feels workaround; it can't be applied generally.
As far as I understand, this is because SSL-related timeout won't be reconnected though normal HTTP is reconnected automatically.
Therefore https should also reconnect automatically.
        
           Updated by hsbt (Hiroshi SHIBATA) over 11 years ago
          Updated by hsbt (Hiroshi SHIBATA) over 11 years ago
          
          
        
        
      
      - Target version changed from 2.1.0 to 2.2.0
        
           Updated by naruse (Yui NARUSE) almost 8 years ago
          Updated by naruse (Yui NARUSE) almost 8 years ago
          
          
        
        
      
      - Target version deleted (2.2.0)
        
           Updated by jeremyevans0 (Jeremy Evans) about 6 years ago
          Updated by jeremyevans0 (Jeremy Evans) about 6 years ago
          
          
        
        
      
      - Backport deleted (1.9.3: UNKNOWN, 2.0.0: UNKNOWN)
- Status changed from Feedback to Closed
I think this was fixed by 711ece42cddc4737a4b1667b1f20ca74030d0255.