From: Aaron Patterson
Date: 2011-06-24T02:13:56+09:00
Subject: [ruby-core:37329] Re: [Ruby 1.9 - Bug #4237] SSL_shutdown should be called until it returns 0

On Thu, Jun 23, 2011 at 02:27:41PM +0900, Hiroshi NAKAMURA wrote:
>
> Issue #4237 has been updated by Hiroshi NAKAMURA.
>
>
> Thanks for the explanation. I think r30294 (fix for lib/net/smtp.rb) is good. It solved the original problem, right? Of course, ext/openssl should try to shutdown the connection gracefully to the extent possible though.

No problem. :-) Yes it did solve the original problem, so I am happy.

> And the second part, can you remember some more details of SEGV you got? If the error you got is timeout or something, it could be caused by infinite loop by r30451. Is this what you're saying?
> http://www.rubyist.net/~akr/chkbuild/debian/ruby-trunk/log/20110105T190101Z.log.html.gz

Ah, I remembered incorrectly. It was an infinite loop, not a SEGV. Sorry, I made this change a while ago and couldn't remember.

> As I wrote above, bi-directional SSL close is hard to control (opposite side is not controllable) so calling SSL_shutdown() several times without checking could be enough.
>
> Here's what mod_ssl is doing.
>
> int SSL_smart_shutdown(SSL *ssl)
> {
>     int i;
>     int rc;
>
>     /*
>      * Repeat the calls, because SSL_shutdown internally dispatches through a
>      * little state machine. Usually only one or two interation should be
>      * needed, so we restrict the total number of restrictions in order to
>      * avoid process hangs in case the client played bad with the socket
>      * connection and OpenSSL cannot recognize it.
>      */
>     rc = 0;
>     for (i = 0; i < 4 /* max 2x pending + 2x data = 4 */; i++) {
>         if ((rc = SSL_shutdown(ssl)))
>             break;
>     }
>     return rc;
> }
>
> If my guess about the error you got is correct, I'll commit similar changes for SSL_shutdown().

Yes, you are correct. It was an infinite loop and not a segv. Thanks for investigating this for me!

--
Aaron Patterson
http://tenderlovemaking.com/
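
Added example, not part of the message above and not code from mod_ssl or Ruby: a model of the bounded retry loop quoted in the thread, showing that it terminates after 4 attempts when the peer never answers the close_notify. It makes no OpenSSL calls; fake_conn, fake_shutdown, bounded_shutdown and run_case are hypothetical names that reproduce only the SSL_shutdown() return-value convention.

```c
#include <stdio.h>
/* SSL_shutdown() convention: 1 = close_notify exchanged in both directions,
 * 0 = ours sent but the peer's not yet seen, <0 = error. */
typedef int (*shutdown_fn)(void *conn);

/* Constructed stand-in for a TLS connection (hypothetical, not an OpenSSL type). */
struct fake_conn {
    int calls;          /* shutdown attempts made so far */
    int peer_reply_at;  /* attempt on which the peer's close_notify arrives; 0 = never */
    int fail_at;        /* attempt that reports an error; 0 = never */
};
struct outcome { int rc; int calls; };

static int fake_shutdown(void *p)
{
    struct fake_conn *c = p;
    c->calls++;
    if (c->fail_at && c->calls >= c->fail_at) return -1;
    if (c->peer_reply_at && c->calls >= c->peer_reply_at) return 1;
    return 0;           /* still waiting for the peer */
}

/* Same control flow as the quoted loop: stop at the first nonzero result,
 * give up after max_tries so a silent peer cannot hang the caller. */
int bounded_shutdown(shutdown_fn fn, void *conn, int max_tries)
{
    int rc = 0;
    for (int i = 0; i < max_tries; i++)
        if ((rc = fn(conn)) != 0)
            break;
    return rc;
}

/* Run one constructed scenario with the limit of 4 used in the quoted code. */
struct outcome run_case(int peer_reply_at, int fail_at)
{
    struct fake_conn c = { 0, peer_reply_at, fail_at };
    struct outcome o;
    o.rc = bounded_shutdown(fake_shutdown, &c, 4);
    o.calls = c.calls;
    return o;
}

int main(void)
{
    struct outcome o = run_case(0, 0);  /* peer that never replies */
    printf("silent peer: rc=%d after %d calls\n", o.rc, o.calls);
    return 0;
}
```

A return of 0 after the last attempt means only the local close_notify went out, so the caller closes the socket without waiting for confirmation from the peer.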