ssl: Buffer unsent encrypted data on send timeout#10916
Open
zuiderkwast wants to merge 2 commits intoerlang:masterfrom
Open
ssl: Buffer unsent encrypted data on send timeout#10916zuiderkwast wants to merge 2 commits intoerlang:masterfrom
zuiderkwast wants to merge 2 commits intoerlang:masterfrom
Conversation
The emulated_options/3 function in tls_socket and dtls_socket used a prepend accumulator pattern without reversing the result, causing inet options to be reversed when passed to gen_tcp:connect/gen_udp:open. This broke the inet_backend option which must be the first option in the list according to gen_tcp and gen_udp documentation. Fix by reversing the Inet accumulator before returning. For dtls_socket, also change the initial Inet accumulator from internal_inet_values() to [] since those values are already appended in the connect and listen call sites. Signed-off-by: Viktor Söderqvist <viktor.soderqvist@est.tech>
When using gen_tcp with {inet_backend, socket} and send_timeout,
gen_tcp:send may return {error, {timeout, RestData}} with the unsent
encrypted data. Previously this fell through to the generic error
handler which killed the connection.
Buffer the RestData in a new #sync{} record in the tls_sender state
and retry sending it together with new data on the next ssl:send call.
Reply {error, timeout} to the caller to simulate {inet_backend, inet}
behavior.
When alerts, post-handshake data or renegotiation need to send while
a #sync{} buffer exists, attempt to flush the buffer first. If the
flush succeeds, proceed normally. If it times out again, postpone the
event and re-buffer the remaining data.
Signed-off-by: Viktor Söderqvist <viktor.soderqvist@est.tech>
Contributor
CT Test Results 2 files 66 suites 25m 55s ⏱️ For more details on these failures, see this check. Results for commit 6009ad8. ♻️ This comment has been updated with latest results. To speed up review, make sure that you have read Contributing to Erlang/OTP and that all checks pass. See the TESTING and DEVELOPMENT HowTo guides for details about how to run test locally. Artifacts
// Erlang/OTP Github Action Bot |
IngelaAndin
added
team:PS
Contributor
|
We will consider this after the OTP-29 release. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When using
gen_tcpwith{inet_backend, socket}andsend_timeout,gen_tcp:sendmay return{error, {timeout, RestData}}with the unsent encrypted data. Previously this fell through to the generic error handler which killed the connection.Buffer the
RestDatain a new#sync{}record in thetls_senderstate and retry sending it together with new data on the nextssl:sendcall. Reply{error, timeout}to the caller to simulate{inet_backend, inet}behavior.When alerts, post-handshake data or renegotiation need to send while a
#sync{}buffer exists, attempt to flush the buffer first. If the flush succeeds, proceed normally. If it times out again, postpone the event and re-buffer the remaining data.Note:
This PR built on top of #10908 because it relies on passing a list of gen_tcp options such as
[{inet_backend, socket}, {send_timeout, 1}]whereinet_backendmust be the first in the list and ssl must not reorder them. I'll rebase this once that one is merged, or let me know if I shall structure or combine the PRs differently.@IngelaAndin