Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-3023

Should we be retrying on SSL_ERROR_WANT_READ?

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Done
    • Priority: (None)
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.14.0, 3.12.3
    • Component/s: None
    • Labels:
      None

      Description

      I'm having SSL_read receive timeout errors, and I think I am getting too many since auto retry is set for ssl.

      The client gets SSL_ERROR_WANT_READ from SSL_read function in TLSRecv, and then SSL shuts down. All subsequent file copies fail as SSL is shut down.

      If I replace this one line

      https://github.com/cfengine/core/blob/86359db55c557173b6a3c9a796ae26f732fc618f/libcfnet/tls_generic.c#L727

      With this code to retry up to 10 times, my transfers improve when the network is under stress.
      However, as expected the timeouts don't work.

      int received,tries = 0,code=0;
      do
        {
          received = SSL_read(ssl, buffer, toget);
          if (received < 0)
            {
              code = TLSLogError(ssl, LOG_LEVEL_ERR, "SSL_read", received);
              if (code == SSL_ERROR_WANT_READ)
                {
                  sleep(1);
                }
            }
        } while( received < 0 && code == SSL_ERROR_WANT_READ && (tries++ < 10) );
      

      3.12.2 packages

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                vpodzime Vratislav Podzimek
                Reporter:
                a10042 Nick Anderson
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Summary Panel