-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reactor changes in 1.6 seems to break SSL servers #127
Comments
1.6 is under testing, thats why there is no gem for it yet :D A bunch of fixes went in yesterday, when did you try it? |
Ah! Didn't realize it hadn't been released yet. Bad assumption on my part :D I pulled a few hours ago to test, so I reckon I've tried with the most recent. |
I just tested against git master and I don't seem to see what you're seeing. I tried the setup you said and it seemed to work fine. Could you give me more details of what you're seeing? Do you see any console output? |
Sure. I've cloned the repo from master into Gemfile:
I'm using the keys from
and the failure case(
In the failure case, Chrome just spins until I hit the stop button, after which
Chrome version: Version 20.0.1132.57 In Firefox the results look slightly different:
Same story here, Firefox spins until I hit stop, after which there is output from puma to the console (starting with In Safari, the request works immediately. Safari Version 5.1.7 (7534.57.2). Let me know if there's anything else I can provide! |
This has been fixed by working around a buffering behavior in JRuby's OpenSSL. |
So far from my testing the problem seems to remain - at least on Chrome and Firefox. I've pulled the latest this AM and am running master branch. Anything additional info can provide? |
That's very surprising. I need to know exactly what your config.ru is so that I can reproduce what you're seeing exactly. |
Sure - maybe I'm just hitting some strange bundler/rvm issue or something. At any rate, my config.ru:
Gemfile:
starting the server and hitting it with chrome:
Chrome is now spinning, and once I hit stop on chrome, "call" is output. jruby version:
|
Anything else I can provide here to help? |
So, I'm getting back around to this. I just pushed a jruby-ssl-bug branch that shows that it seems that OpenSSL in JRuby has a fatal bug. IO.select says there is data but doing a sysread_nonblock always raises IO::WaitReadable, thus going into a loop. @headius could you weigh in here? It seems like a bug I can't work around. |
Thanks for looking into this again! I'll take a look tonight and see if one of the way's I've monkey-patched OpenSSL for my project will make this work for me in it's current state |
I've started an experiment today of not using the stock OpenSSL and instead writing MiniSSL that has just enough of what I need and none of the bugs. Hopefully I'll have it done this week.
On Aug 22, 2012, at 5:27 PM, Ben Porterfield notifications@github.com wrote:
|
I've attempted to create a simple gist of this bug: https://gist.github.com/3531448 Works in 1.9.3, raises 'read would raise' in JRuby 1.7-pre2. Can you confirm that this accurately represents the problem before I submit to JRuby issues? This stuff is pretty new to me so another opinion is helpful. |
The problem appears to be bugs in how JRuby's jruby-ossl gem in 1.6 handles nonblocking. I guess there is a bunch of fixes in 1.7 though, so you could try that instead. I'm going to have to implement the MiniSSL engine (which is coming along) to work around these bugs to work on JRuby 1.6 I believe. |
I actually was testing in 1.7-pre2 - looks like it still exists there. I'll submit the bug. Thanks for the work on MiniSSL stuff, that will be great! On that note - today in Puma, SSL handshake happens in the accept call to an SSLServer - this suggests to me that handshakes block the listen loop, so lots of SSL handshakes could slow down the server. Would moving the handshake to the worker thread increase performance? |
Yes, the handshake is happening inside the listen loop, and yes we should move it into the initial worker thread. Doing that with the current OpenSSL API is more difficult because parts of that are hidden, but doing it with MiniSSL should be trivial. |
Turns out that there are just too many bugs in JRuby's OpenSSL right now. I've disabled SSL support on JRuby for now as a result. We'll reevaluate in the future. |
This shit was crazy complicated. :/ |
This could probably be reevaluated. I will try to get to it myself some day, but if someone else wants to poke at it we'd appreciate it. Either the new ossl stuff @evanphx wrote or the now-bundled-and-fixed-and-working ossl library in JRuby 1.7+ should be able to support this. |
Thanks @headius for taking a look! You're correct, the reported bug (https://gist.github.com/bporterfield/3531448) is no longer broken in JRuby 1.7+. However, @evanphx wrote the reactor changes in a way that is still broken in JRuby because of a different JRuby ossl bug: https://gist.github.com/bporterfield/3557313. I've got a ticket filed for this bug: https://jira.codehaus.org/browse/JRUBY-6874. Would love some attention to it - we're using a much much older version of Puma as a consequence. |
@bporterfield - I've added my vote to that JIRA issue, as I'm also in the same boat as you. |
Update RubyGems to 2.6.10
Hello!
Trying to upgrade to Puma 1.6, but the changes appear to break SSL servers.
To test - config.ru:
Starting with:
puma -b tcp://127.0.0.1:3000 config.ru
and hittinghttp://localhost:3000
returns outputscall
and returnshello
to the browser.Starting with
and hitting
https://localhost:3000
just spins. If I cancel the request from the browser,call
is then output.Same results in 1.6 and master. Using JRuby 1.6.7, testing with Chrome and Firefox on Max OS X.
The text was updated successfully, but these errors were encountered: