[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [Libevent-users] How to set "allow_dirty_shutdown" for SSL?

To: libevent-users@xxxxxxxxxxxxx
Subject: Re: [Libevent-users] How to set "allow_dirty_shutdown" for SSL?
From: Nick Mathewson <nickm@xxxxxxxxxxxxx>
Date: Thu, 14 Jan 2010 17:18:00 -0500
Delivered-to: archiver@xxxxxxxx
Delivered-to: libevent-users-outgoing@xxxxxxxx
Delivered-to: libevent-users@xxxxxxxx
Delivery-date: Thu, 14 Jan 2010 17:18:21 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:in-reply-to :references:date:x-google-sender-auth:message-id:subject:from:to :content-type:content-transfer-encoding; bh=U0S2+PpXqtXAZxw2mJW+LqZcFD/zkKWGLnMQ9NxSAGA=; b=FwYzBJTR1R8ILtPVetIWSsUjfzEhn2L9BvmqMPxGt818mqGIYRLLUwokMEQ2/6FMVD h6WW+Tpvp+iEkLdxZuzHpRRM+e3SxQu9ECTpGWMFJEK7RN7uGZ3CPn8Y0JtVHfS/NTaJ VbmpQVjKZy9nsUy8T6xY/62cuZ26ODvs2ew+w=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; b=R5M2Q8/10piz173A40It3sQFtY64FcJZTOoahataJPCop3z5GuOgtRh6Pfe4jLChVJ Eo8gltDEA+tQtO3Mn1CFONmTlj6Dx1l/j8CEbueLRCzPRon7s7eAr3aP7NqZcn+bzpSA tX0p6V7kzBkrnY3JtzR4DqscKD2NOJgLXHHsY=
In-reply-to: <4B4C9C8F.8000306@xxxxxxxxxxx>
References: <4B4B5FD2.7080508@xxxxxxxxxxx> <e8ac78311001111221y637bd511w81499173206582db@xxxxxxxxxxxxxx> <4B4C9C8F.8000306@xxxxxxxxxxx>
Reply-to: libevent-users@xxxxxxxxxxxxx
Sender: owner-libevent-users@xxxxxxxxxxxxx

On Tue, Jan 12, 2010 at 11:00 AM, Joachim Bauch <jojo@xxxxxxxxxxx> wrote:
> Hi,
>
> Nick Mathewson wrote:
   [...]
>> On the other hand, there should be _some_ way of detecting and
>> reporting a dirty shutdown more detectable.  Instead of having an
>> allow_dirty_shutdown flag, maybe there should be a got_dirty_shutdown
>> flag that the user can check when getting an SSL error.  (There
>> doesn't seem to be a particular OpenSSL error that gets set in this
>> case, so I don't expect that calling bufferevent_get_openssl_error
>> would do any good.)
>
> Okay, understood. My problem is, that for some clients the TCP
> connection is closed without the SSL-close protocol being performed
> beforehand. This is not really an error in my use case, but I can't
> differentiate between this dirty shutdown and a regular error - both
> events are reported as "BEV_EVENT_ERROR" to my app.
>
> My application-level callback is not triggered from "conn_closed()"
> as Jardel wrote, but from "be_openssl_eventcb" (my SSL bufferevent is
> wrapped around a regular bufferevent).
>
> To report a dirty shutdown, I suggest passing an event of
> "BEV_EVENT_ERROR|BEV_EVENT_EOF" to the application (instead of the
> "BEV_EVENT_ERROR" as is now), so the dirty shutdown can be detected
> and handled differentely to the clean shutdown (which is "BEV_EVENT_EOF"
> only).
>
> Any objections or should I prepare a patch for this?

I think that's a suboptimal interface.  The events argument to eventcb
is a bitfield of different events, so if we use ERROR|EOF to mean a
dirty shutdown, we won't be able to tell it from an error and an eof
both being reported at once.

There _is_ a mechanism to distinguish OpenSSL errors from one another
from eventcb: bufferevent_get_openssl_error().   The only problem is
that a closed connection is not necessarily reported by openssl as an
openssl error.  I wonder if we can find some unused part of the
openssl error space to reserve for libevent.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users    in the body.

Follow-Ups:
- Re: [Libevent-users] How to set "allow_dirty_shutdown" for SSL?
  - From: Joachim Bauch

References:
- [Libevent-users] How to set "allow_dirty_shutdown" for SSL?
  - From: Joachim Bauch
- Re: [Libevent-users] How to set "allow_dirty_shutdown" for SSL?
  - From: Nick Mathewson
- Re: [Libevent-users] How to set "allow_dirty_shutdown" for SSL?
  - From: Joachim Bauch

Prev by Author: Re: [Libevent-users] How to set "allow_dirty_shutdown" for SSL?
Next by Author: Re: [Libevent-users] How to set "allow_dirty_shutdown" for SSL?
Previous by thread: Re: [Libevent-users] How to set "allow_dirty_shutdown" for SSL?
Next by thread: Re: [Libevent-users] How to set "allow_dirty_shutdown" for SSL?
Index(es):
- Author
- Thread