Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error when using SSL #196

Open
crspybits opened this issue May 20, 2017 · 4 comments
Open

Error when using SSL #196

crspybits opened this issue May 20, 2017 · 4 comments

Comments

@crspybits
Copy link

I switched over to using Kitura with SSL (and self-signed certificates). I'm getting no errors specific to my server, but I do get reports of:

[2017-05-19T20:50:50.263-06:00] [ERROR] [IncomingSocketHandler.swift:148 handleRead()] Read from socket (file descriptor 8) failed. Error = Error code: -9806(0x-264E), ERROR: SSLRead, code: -9806, reason: errSSLClosedAbort.

This is not causing failures, but doesn't look good.

Suggestions?
Thanks,
Chris.
@crspybits
Copy link
Author

An update on this issue. I am getting some failures with an issue that seems directly connected to the above SSL usage with my Kitura-based server.

When I run the server on MacOS, using self-signing certificates (and following the technique given here https://developer.ibm.com/swift/2016/09/22/securing-kitura-part-1-enabling-ssltls-on-your-swift-server/), I get the above kind of error (i.e., errSSLClosedAbort). Plus, with certain of my endpoints my call to RouterResponse's end method blocks the server thread. This is happening specifically when I am completing a download of data using a HTTP GET. On MacOS, when the server blocks on these end calls, the client doesn't notice-- e.g., it is not also blocked.

When I run the server on Ubuntu 16.04 Linux, I run into a similar but even more severe situation. These same end calls tend to block the server thread, and the client side times out on these endpoint calls.

I should mention, I'm using an iOS Swift-based client with URLSession's to do the downloads and other server endpoint communication.

This is an open source project, and I could point you to the code. So far, I'm just trying to characterize the problem and haven't tried creating a simpler instance of the problem.

@crspybits
Copy link
Author

Further update. I've now tried this with a CA Authority signed SSL certificate (from https://letsencrypt.org). The same basic issue occurs. When I'm doing multiple successive of these in a row, the server thread blocks on a GET download of data. This is where it's failing in my server: https://github.com/crspybits/SyncServerII/blob/master/Server/Sources/Server/ServerSetup.swift#L146

I'm running the following test on my iOS client:
https://github.com/crspybits/SyncServerII/blob/master/iOS/Example/Tests/Performance.swift#L53

Also, and I'm not sure how/if this is related, I am getting lots of the error:
[2017-05-25T03:23:30.802Z] [ERROR] [HTTPServer.swift:194 listen(listenSocket:socketManager:)] Error accepting client connection: Error code: 1(0x1), ERROR: SSL_accept, code: 1, reason: Could not determine error reason.

@crspybits
Copy link
Author

Still having the same kind of issue, and I've detailed progress here:
https://stackoverflow.com/questions/44224048/timeout-issue-when-downloading-from-aws-ec2-to-ios-app

@crspybits
Copy link
Author

It looks like I've got a work-around for this issue. Take a look at Update5 on my stackoverflow post above. I still have some concerns about being able to get the server into a state where there are numerous server threads blocked. It looks like a client can cause the server to get into such a state. Any suggestions would be welcomed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@crspybits