[ruby-cvs:68421] usa:r61240 (ruby_2_3): merge revision(s) 60172, 60189, 60208, 60210, 60211: [Backport #14005]

usa at ruby-lang.org usa at ruby-lang.org
Thu Dec 14 22:33:54 JST 2017


usa	2017-12-14 22:33:54 +0900 (Thu, 14 Dec 2017)

  New Revision: 61240

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=61240

  Log:
    merge revision(s) 60172,60189,60208,60210,60211: [Backport #14005]
    
    webrick: do not hang acceptor on slow TLS connections
    
    OpenSSL::SSL::SSLSocket#accept may block indefinitely on clients
    which negotiate the TCP connection, but fail (or are slow) to
    negotiate the subsequent TLS handshake.  This prevents the
    multi-threaded WEBrick server from accepting other connections.
    
    Since the TLS handshake (via OpenSSL::SSL::SSLSocket#accept)
    consists of normal read/write traffic over TCP, handle it in the
    per-client thread, instead.
    
    Furthermore, using non-blocking accept() is useful for non-TLS
    sockets anyways because spurious wakeups are possible from
    select(2).
    
    * lib/webrick/server.rb (accept_client): use TCPServer#accept_nonblock
      and remove OpenSSL::SSL::SSLSocket#accept call
    * lib/webrick/server.rb (start_thread): call OpenSSL::SSL::SSLSocket#accept
    * test/webrick/test_ssl_server.rb (test_slow_connect): new test
      [ruby-core:83221] [Bug #14005]
    
    webrick: fix up r60172
    
    By making the socket non-blocking in r60172, TLS/SSL negotiation
    via the SSL_accept function must handle non-blocking sockets
    properly and retry on SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.
    OpenSSL::SSL::SSLSocket#accept cannot do that properly with a
    non-blocking socket, so it must use non-blocking logic of
    OpenSSL::SSL::SSLSocket#accept_nonblock.
    
    Thanks to MSP-Greg (Greg L) for finding this.
    
    * lib/webrick/server.rb (start_thread): use SSL_accept properly
      with non-blocking socket.
      [Bug #14013] [Bug #14005]
    
    webrick: fix up r60172 and revert r60189
    
    Thanks to MSP-Greg (Greg L) for helping with this.
    
    * lib/webrick/server.rb (start_thread): ignore ECONNRESET, ECONNABORTED,
      EPROTO, and EINVAL on TLS negotiation errors the same way they
      were ignored before r60172 in the accept_client method of the
      main acceptor thread.
      [Bug #14013] [Bug #14005]
    
    webrick: fix up r60172 and r60208
    
    Thanks to MSP-Greg (Greg L) for helping with this.
    
    * lib/webrick/server.rb (start_thread): fix non-local return
      introduced in r60208
    
    webrick: fix up r60172 and r60210
    
    Thanks to MSP-Greg (Greg L) for helping with this.
    
    * lib/webrick/server.rb (start_thread): properly fix non-local return
      introduced in r60208 and r60210

  Added files:
    branches/ruby_2_3/test/webrick/test_ssl_server.rb
  Modified directories:
    branches/ruby_2_3/
  Modified files:
    branches/ruby_2_3/ChangeLog
    branches/ruby_2_3/lib/webrick/server.rb
    branches/ruby_2_3/version.h


More information about the ruby-cvs mailing list