Describe the bug
Erlang OTP had a change to how the sni_fun SSL option is used. This change causes the sni_fun/2 callback function to be called twice for a connection.
This change to Erlang OTP was made in commit Update server_name_indication options, hash 9e7c030 and it was released in version 26.0.
The diff causing it is:
And because of how the call chain is:
... and then ...
…
sni_fun is called two times.
The fact that the sni_fun/2 function is called twice during a handshake may not be a bug by itself. However, it is a change from previous behavior. If the particular sni_fun/2 implementation has no side effects then there is no issue. But if it has side effects or it involves heavier processing, like a database query (even without side effects), the second invocation of the function is anything but optimal.
Upon further inspection of the changes in that commit, I think there is a bug. In the ssl.erl module, there is this:
If sni_fun is undefined, it will define a function that will just return SSL options for the Host from the sni_hosts field if they exist. If not, it will return undefined. The point is that with this change, sni_fun will always exist and it may now return undefined.
Now, if we look at the changes in ssl_gen_statem.erl:
we see that the behavior has changed. Previously, if Host did not exist in sni_hosts, it would return false. Now it will return true. The line Fun(Hostname) =:= undefined should be Fun(Hostname) =/= undefined.
Expected behavior
That sni_fun be only called once during a handshake.
Affected versions
OTP 26
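One way for a server operator to make a repeated sni_fun invocation harmless is to memoize the lookup per host name. The module below is an added example, not part of the original issue and not OTP code. The module name, expensive_lookup/1, the host names and the certificate paths are hypothetical, and the undefined return for unknown hosts follows the behavior described in the issue.

```erlang
%% Added example, not OTP code. expensive_lookup/1, hosts and paths are hypothetical.
-module(sni_memo).
-export([start/0, sni_fun/1, demo/0]).

-define(TAB, sni_memo_cache).
-define(TTL_MS, 5000).        % short: spans a handshake, limits stale cert options
-define(MAX_ENTRIES, 10000).  % bounds memory used by client-chosen names

%% Create the cache once, from a long-lived process that owns the table.
start() ->
    ets:new(?TAB, [named_table, public, set, {read_concurrency, true}]),
    ets:insert(?TAB, {backend_calls, 0}),
    ok.

%% Use as {sni_fun, fun sni_memo:sni_fun/1} in the server's ssl options.
sni_fun(ServerName) ->
    Now = erlang:monotonic_time(millisecond),
    case ets:lookup(?TAB, {host, ServerName}) of
        [{_, Result, Expires}] when Expires > Now ->
            Result;   % a repeated call within the TTL ends here
        _ ->
            Result = expensive_lookup(ServerName),
            store({host, ServerName}, Result, Now),
            Result
    end.

%% Misses (undefined) are cached as well, so an unknown name costs one
%% backend query per TTL. When the table is full, expired rows are purged;
%% if it is still full the result is simply not cached.
store(Key, Result, Now) ->
    Full = ets:info(?TAB, size) >= ?MAX_ENTRIES,
    Full andalso ets:select_delete(?TAB, [{{{host, '_'}, '_', '$1'}, [{'=<', '$1', Now}], [true]}]),
    ets:info(?TAB, size) < ?MAX_ENTRIES andalso ets:insert(?TAB, {Key, Result, Now + ?TTL_MS}),
    ok.

%% Stand-in for a database query; counts how often the backend is hit.
expensive_lookup(ServerName) ->
    ets:update_counter(?TAB, backend_calls, 1),
    case ServerName of
        "a.example" -> [{certfile, "/path/to/a.pem"}, {keyfile, "/path/to/a.key"}];
        _           -> undefined
    end.

%% Simulates two invocations per handshake for a known and an unknown
%% name (constructed input) and returns the number of backend queries.
demo() ->
    start(),
    lists:foreach(fun sni_fun/1, ["a.example", "a.example", "unknown.example", "unknown.example"]),
    ets:lookup_element(?TAB, backend_calls, 2).
```

Calling sni_memo:demo() in a fresh shell returns the backend query count for the four simulated invocations; cached options lag a certificate change by at most the TTL.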