Changeset 816

Timestamp:

08/25/08 04:49:49 (3 months ago)

Author:

brong

Message:

avoid ssl_eof error on SSL_WANT_READ and friends

http://codereview.appspot.com/2341

---

Incrementing a counter on empty SSL reads is not the correct way to determine
ssl_eof
(http://code.sixapart.com/trac/djabberd/changeset/758)

Instead we should check the error code to see if it is one of the SSL errors for
which we are supposed to retry(
http://www.openssl.org/docs/ssl/SSL_get_error.html)

---

I've been testing this for a couple of weeks at FastMail now, and it's stopped
the random disconection errors that some of our SSL users were having. Also,
nobody on the mailing list objected

-- Bron

Files:

• trunk/DJabberd/lib/DJabberd/Connection.pm (modified) (1 diff)
• trunk/DJabberd/lib/DJabberd/Stanza/StartTLS.pm (modified) (2 diffs)

trunk/DJabberd/lib/DJabberd/Connection.pm

@@ -505 +505 @@
-            # wasn't enough of an SSL packet for OpenSSL/etc to return
-            # any unencrypted data back to us.
-
+
+
+
+
+
-                $self->close('ssl_eof');
-            }

trunk/DJabberd/lib/DJabberd/Stanza/StartTLS.pm

@@ -10 +10 @@
-use constant SSL_ERROR_WANT_READ     => 2;
-use constant SSL_ERROR_WANT_WRITE    => 3;
+use constant SSL_ERROR_WANT_CONNECT  => 4;
+use constant SSL_ERROR_WANT_ACCEPT   => 5;
-
-sub on_recv_from_server { &process }
@@ -68 +70 @@
-}
-
+sub actual_error_on_empty_read {
+    my ($class, $ssl) = @_;
+    my $err = Net::SSLeay::get_error($ssl, -1);
+    if ($err == SSL_ERROR_WANT_READ || 
+        $err == SSL_ERROR_WANT_WRITE || 
+        $err == SSL_ERROR_WANT_CONNECT || 
+        $err == SSL_ERROR_WANT_ACCEPT) {
+        # Not an actual error, SSL is busy doing something like renegotiating encryption
+        # just try again next time
+        return 0;
+    }
+    # This is actually an error (return the SSL err code)
+    # unlike the 'no-op' WANT_READ and WANT_WRITE
+    return $err;
+}
+
+
-sub danga_socket_writerfunc {
-    my ($class, $conn) = @_;