diff options
author | Emmanuel Vasilakis <mrzammler@mm.st> | 2023-01-13 17:51:56 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-01-13 17:51:56 +0200 |
commit | c5374729144d6c48c0792d5f6f796b1a6908b7ce (patch) | |
tree | b3ed61aefa2949d9bce38b39b0d07fdd5d5589ed /libnetdata | |
parent | 8315a8e9f5d83eccbdafffe3c9f1c120780ff66c (diff) |
Enable retries for SSL_ERROR_WANT_READ (#14120)
* enable retries for SSL_ERROR_WANT_READ
* only when bytes is <= 0
* treat ERROR_WANT_READ/WRITE as 0 bytes
* dont close connection on zero bytes
* reuse ssl connection
* treat zero bytes
* ifdef for old openssl
* revert check
Diffstat (limited to 'libnetdata')
-rw-r--r-- | libnetdata/socket/security.c | 2 | ||||
-rw-r--r-- | libnetdata/socket/socket.c | 34 |
2 files changed, 22 insertions, 14 deletions
diff --git a/libnetdata/socket/security.c b/libnetdata/socket/security.c index 88b3f6d930..7c50921502 100644 --- a/libnetdata/socket/security.c +++ b/libnetdata/socket/security.c @@ -310,7 +310,7 @@ int security_process_accept(SSL *ssl,int msg) { int counter = 0; while ((err = ERR_get_error()) != 0) { ERR_error_string_n(err, buf, sizeof(buf)); - info("%d SSL Handshake error (%s) on socket %d ", counter++, ERR_error_string((long)SSL_get_error(ssl, test), NULL), sock); + error("%d SSL Handshake error (%s) on socket %d", counter++, ERR_error_string((long)SSL_get_error(ssl, test), NULL), sock); } return NETDATA_SSL_NO_HANDSHAKE; } diff --git a/libnetdata/socket/socket.c b/libnetdata/socket/socket.c index 89e00a5277..69124b9491 100644 --- a/libnetdata/socket/socket.c +++ b/libnetdata/socket/socket.c @@ -926,13 +926,17 @@ ssize_t netdata_ssl_read(SSL *ssl, void *buf, size_t num) { int bytes, err, retries = 0; //do { - bytes = SSL_read(ssl, buf, (int)num); - err = SSL_get_error(ssl, bytes); - retries++; - //} while (bytes <= 0 && (err == SSL_ERROR_WANT_READ)); + bytes = SSL_read(ssl, buf, (int)num); + err = SSL_get_error(ssl, bytes); + retries++; + //} while (bytes <= 0 && err == SSL_ERROR_WANT_READ); - if(unlikely(bytes <= 0)) - error("SSL_read() returned %d bytes, SSL error %d", bytes, err); + if(unlikely(bytes <= 0)) { + if (err == SSL_ERROR_WANT_WRITE || err == SSL_ERROR_WANT_READ) { + bytes = 0; + } else + error("SSL_write() returned %d bytes, SSL error %d", bytes, err); + } if(retries > 1) error_limit(&erl, "SSL_read() retried %d times", retries); @@ -947,17 +951,21 @@ ssize_t netdata_ssl_write(SSL *ssl, const void *buf, size_t num) { size_t total = 0; //do { - bytes = SSL_write(ssl, (uint8_t *)buf + total, (int)(num - total)); - err = SSL_get_error(ssl, bytes); - retries++; + bytes = SSL_write(ssl, (uint8_t *)buf + total, (int)(num - total)); + err = SSL_get_error(ssl, bytes); + retries++; - if(bytes > 0) - total += bytes; + if(bytes > 0) + total += bytes; //} while ((bytes <= 0 && (err == SSL_ERROR_WANT_WRITE)) || (bytes > 0 && total < num)); - if(unlikely(bytes <= 0)) - error("SSL_write() returned %d bytes, SSL error %d", bytes, err); + if(unlikely(bytes <= 0)) { + if (err == SSL_ERROR_WANT_WRITE || err == SSL_ERROR_WANT_READ) { + bytes = 0; + } else + error("SSL_write() returned %d bytes, SSL error %d", bytes, err); + } if(retries > 1) error_limit(&erl, "SSL_write() retried %d times", retries); |