forked from rabbitmq/rabbitmq-c
OpenSSL 1.1.1 blocking on a non-blocking socket #586
david-mohr changed the title from "OpenSSL 1.1.1 blocking issue" to "OpenSSL 1.1.1 blocking on a non-blocking socket" on Dec 11, 2019
alanxz added a commit that referenced this issue on Dec 11, 2019:
OpenSSL changed the default in v1.1.1 of SSL_MODE_AUTO_RETRY from off to on. Because rabbitmq-c uses non-blocking calls internally, this must be disabled. Additionally turn on SSL_MODE_ENABLE_PARTIAL_WRITE to allow SSL_write to return before a full frame is written. This is likely a latent bug that hasn't been found until recently. Fixes #586
Seems like a reasonable thing to fix. Fix is in #587
Hi Alan,
We recently moved to OpenSSL 1.1.1 from 1.1.0 and found some issue with amqp_basic_publish blocking under certain conditions, even though we are using a non-blocking socket.
After many days of frustration, we found one little comment in the OpenSSL docs:
https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_mode.html
SSL_MODE_AUTO_RETRY attempts to renegotiate a broken SSL connection (which in our testing is simply pulling out the network cable) and blocks the whole time.
To revert back to the original, fully non-blocking behaviour we disabled AUTO_RETRY and enabled PARTIAL_WRITE:
And now we are back to expected non-blocking behaviour.
Would you be comfortable adding this into the code base when the SSL CTX is created? Alternatively, would you be able to declare the amqp_socket struct in the header so we can access the CTX to set these modes from our application code?
Thanks.