-
Notifications
You must be signed in to change notification settings - Fork 7.3k
SSL hanging due undrained error queue? #1719
Comments
I wish there were a test for this. But it does seem like draining the openssl error queue is the wise thing. It'd be great to have @pquerna weigh in here. Hopefully soon he'll just tell us to use Selene. |
|
Called it. |
This fix is in v0.4.12 and will be in v0.5.7 (to be released tomorrow). I'm going to leave this issue open. Hopefully someone can find a test. |
It may be related to socketio/socket.io#522. |
I was able to reproduce with these scripts https://gist.github.com/1220229 |
We still see this in production running 0.4.12 |
@guille supposedly it's fixed 0.4.12 - what exactly are you seeing? @dannycoates any luck producing a test for this? |
Then requests hang |
Okay, I think I can reproduce it. It's openssl complaining that it received something that (to openssl) doesn't look like a HTTP request, probably because it doesn't start with GET|POST|PUT|DELETE|CONNECT. |
That test passes on that machine, so I guess it doesn't reproduce it :/ |
I think it's a normal error logged when a sockets listenning for https is recieving a plain http request ... so i (guess?) it should not harm the system right? |
@Lou-adrien is right. I ran into this randomly development today. I kept switching back and forth between an http server and https server in node. Sending insecure requests to the https server would produce this error. It doesn't seem to have any lasting ill effects though. But it also doesn't propagate errors up to uncaughtException. Instead the connection just dies. |
Closing, I have good reason to believe that this is no longer issue. If you have reason to believe otherwise, speak up and I'll reopen it. |
@mranney says
@dannycoates says
From the man page:
thread's error queue and removes the
entry. This function can be called repeatedly until there are
no more error codes to return.
is it possible that the thread's error queue is getting filled and
causing OpenSSL to stop processing when it hits an error? In several
tests they seem to loop on this function:
./test/bntest.c: while ((l=ERR_get_error()))
./test/rsa_test.c: while ((l = ERR_get_error()) != 0)
Should Node be greedily looping on this?
It seems stunnel is doing this too:
The text was updated successfully, but these errors were encountered: