Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-3066

Support retry on SSL_accept

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Done
    • Priority: (None)
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.12.3, 3.15.0
    • Component/s: cf-serverd
    • Labels:
      None

      Description

      A user has reported success with a patch similar to that from CFE-3023 but targeted to SSL_accept in server_tls.c.

      This block:

      int ret,tries = 0,code=0;
      do
        {
          ret = SSL_accept(ssl);
          if (ret < 0)
            {
              code = TLSLogError(ssl, LOG_LEVEL_ERR,
                                 "Attempted to accept  TLS connection", ret);
              if (code == SSL_ERROR_WANT_READ)
                {
                  sleep(1);
                }
            }
        } while( ret < 0 && code == SSL_ERROR_WANT_READ && (tries++ < 10) );
      

      replaces the single call in cf-serverd/server_tls.c:

      int ret = SSL_accept(ssl);
      

      i can see from the messages in the logs definitely save multiple connections
      previously devices would lag for hours or days until net latency dropped
      now all check-ins across 9 test devices and master with patches are within 5 minutes

      there are 3 spots
      tls_client.c, tls_generic.c, server_tls.c
      tls_client.c -> in TLSTry
      tls_generic.c -> TLSRecv
      server_tls.c -> BasicServerTLSSessionEstablish
      in each case i retry when SSL returns SSL_ERROR_WANT_READ

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                vpodzime Vratislav Podzimek
                Reporter:
                a10042 Nick Anderson
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Summary Panel