snapshots: add https #6354
Merged
snapshots: add https #6354
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cali-jumptrading
force-pushed
the
cali/add-https
branch
4 times, most recently
from
af17034 to
29a54f9
Compare
cali-jumptrading
force-pushed
the
cali/add-https
branch
24 times, most recently
from
a0bd347 to
3488f1f
Compare
ripatel-fd
reviewed
Nov 21, 2025
ripatel-fd
reviewed
Nov 21, 2025
| http_connect_ssl( fd_sshttp_t * http, | ||
| long now ) { | ||
| if( FD_UNLIKELY( now>http->deadline ) ) { | ||
| FD_LOG_WARNING(("deadline exceeded during connect")); |
Contributor
There was a problem hiding this comment.
Suggested change
| FD_LOG_WARNING(("deadline exceeded during connect")); | |
| FD_LOG_WARNING(( "deadline while connecting to HTTPS snapshot server" )); |
Might also want to log the peer URL here
ripatel-fd
reviewed
Nov 21, 2025
| if( FD_UNLIKELY( ssl_err!=1 ) ) { | ||
| int ssl_err_code = SSL_get_error( http->ssl, ssl_err ); | ||
| if( FD_UNLIKELY( ssl_err_code!=SSL_ERROR_WANT_READ && ssl_err_code!=SSL_ERROR_WANT_WRITE ) ) { | ||
| FD_LOG_WARNING(( "SSL_connect failed (%d)", ssl_err )); |
Contributor
There was a problem hiding this comment.
These WARNING logs should ideally be operator friendly.
e.g. error while downloading snapshot from https://: SSL_connect failed (%i-%s)
ripatel-fd
reviewed
Nov 21, 2025
| if( FD_LIKELY( res<=0 ) ) { | ||
| int ssl_err_code = SSL_get_error( http->ssl, res ); | ||
| if( FD_UNLIKELY( ssl_err_code!=SSL_ERROR_WANT_READ && ssl_err_code!=SSL_ERROR_WANT_WRITE && res!=0 ) ) { | ||
| FD_LOG_WARNING(( "SSL_shutdown failed (%d)", ssl_err_code )); |
Contributor
There was a problem hiding this comment.
same here, warning log shoudl be operator friendly
ripatel-fd
reviewed
Nov 21, 2025
| int ssl_err = SSL_get_error( http->ssl, read_res ); | ||
|
|
||
| if( FD_UNLIKELY( ssl_err!=SSL_ERROR_WANT_READ && ssl_err!=SSL_ERROR_WANT_WRITE ) ) { | ||
| FD_LOG_WARNING(( "SSL_read failed (%d)", ssl_err )); |
Contributor
There was a problem hiding this comment.
operator friendly warning log
ripatel-fd
reviewed
Nov 21, 2025
| int ssl_err = SSL_get_error( http->ssl, write_res ); | ||
|
|
||
| if( FD_UNLIKELY( ssl_err!=SSL_ERROR_WANT_READ && ssl_err!=SSL_ERROR_WANT_WRITE ) ) { | ||
| FD_LOG_WARNING(( "SSL_write failed (%d)", ssl_err )); |
Contributor
There was a problem hiding this comment.
operator friendly warning log
ripatel-fd
reviewed
Nov 21, 2025
| long sent = sendto( http->sockfd, buf, bufsz, 0, NULL, 0 ); | ||
| if( FD_UNLIKELY( -1==sent && errno==EAGAIN ) ) return FD_SSHTTP_ADVANCE_AGAIN; | ||
| else if( FD_UNLIKELY( -1==sent ) ) { | ||
| FD_LOG_WARNING(( "sendto() failed (%d-%s)", errno, fd_io_strerror( errno ) )); |
Contributor
There was a problem hiding this comment.
operator friendly warning log
ripatel-fd
reviewed
Nov 21, 2025
src/discof/restore/utils/fd_sshttp.c
Outdated
| .fd = http->sockfd, | ||
| .events = POLLIN, | ||
| }; | ||
| fd_syscall_poll( &pfd, 1 /*fds*/, 1 /*ms*/ ); |
Contributor
There was a problem hiding this comment.
check error code of syscall (FD_LOG_ERR if poll returns a weird errno)
ripatel-fd
reviewed
Nov 21, 2025
| int ssl_err = SSL_get_error( ssresolve->ssl, write_res ); | ||
|
|
||
| if( FD_UNLIKELY( ssl_err!=SSL_ERROR_WANT_READ && ssl_err!=SSL_ERROR_WANT_WRITE ) ) { | ||
| FD_LOG_WARNING(( "SSL_write failed (%d)", ssl_err )); |
Contributor
There was a problem hiding this comment.
operator friendly error log
ripatel-fd
reviewed
Nov 21, 2025
|
|
||
| read = (long)read_res; | ||
| #else | ||
| FD_LOG_ERR(( "cannot use HTTPS without OpenSSL" )); |
Contributor
There was a problem hiding this comment.
this build of Firedancer does not support OpenSSL, rebuild with deps.sh
or something along those lines, otherwise operator is going to be confused why OpenSSL was not fonud
ripatel-fd
previously requested changes
Nov 21, 2025
| if( FD_UNLIKELY( ssl_err!=1 ) ) { | ||
| int ssl_err_code = SSL_get_error( ssresolve->ssl, ssl_err ); | ||
| if( FD_UNLIKELY( ssl_err_code!=SSL_ERROR_WANT_READ && ssl_err_code!=SSL_ERROR_WANT_WRITE ) ) { | ||
| FD_LOG_WARNING(( "SSL_connect failed (%d)", ssl_err_code )); |
Contributor
There was a problem hiding this comment.
operator friendly error log
Contributor
Author
There was a problem hiding this comment.
I'll address log-related comments in a follow up
ripatel-fd
previously approved these changes
Nov 21, 2025
cali-jumptrading
dismissed stale reviews from ripatel-fd and amass-jump
via
169f412
cali-jumptrading
force-pushed
the
cali/add-https
branch
from
92a9bbd to
169f412
Compare
Performance Measurements ⏳
|
cali-jumptrading
force-pushed
the
cali/add-https
branch
from
169f412 to
d42f65d
Compare
ripatel-fd
previously approved these changes
Nov 24, 2025
Performance Measurements ⏳
|
Fixes incorrect usage of the OpenSSL 'static' feature which is intended for statically linking glibc. The static feature breaks multi-threaded use of OpenSSL, so it should be disabled. Note that libssl.a still gets built, so OpenSSL itself is still statically linked.
Performance Measurements ⏳
|
mmcgee-jump
approved these changes
Nov 24, 2025
| FD_MCNT_SET( TOWER, HARD_FORKS_PRUNED, ctx->metrics.hard_forks.pruned ); | ||
|
|
||
| FD_MGAUGE_SET( TOWER, HARD_FORKS_ACTIVE, ctx->metrics.hard_forks.active ); | ||
| FD_MGAUGE_SET( TOWER, HARD_FORKS_MAX_WIDTH, ctx->metrics.hard_forks.max_width ); |
Contributor
There was a problem hiding this comment.
was this intended?
Contributor
Author
There was a problem hiding this comment.
yes, charlie forgot to remove this line after he removed the metric in metrics.xml
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.