trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bryan Call <bc...@apache.org>
Subject Re: Openssl 1.1.0f Support
Date Tue, 26 Sep 2017 15:52:26 GMT
We should be able to test this by calling ERR_peek_error() or ERR_get_error() in a test build
in production to see if they are picking up any errors that haven’t been cleared.

-Bryan



> On Sep 26, 2017, at 8:05 AM, Sudheer Vinukonda <sudheervinukonda@yahoo.com> wrote:
> 
> Just to add some more context related to this - 
> 
> IIRC, the patch proposed below (to clear the error queue only when an error occurred)
was actually how this fix was implemented when it was first added (sometime during 5.3?) However,
I think it was still resulting in some unexplained handshake/connect failures (which turned
out to be not exactly connect failures, but were being marked so, due to stale error queue).
And that was when the fix was changed to clear the error queue *before* calling connect.
> 
> All of this being a few years and releases ago, may no longer be the case and assuming
the reordering of the clear queue tests good with no handshake failures or other side affects,
this fix sounds fine.
> 
> - Sudheer
> 
> 
> 
> I agree this needs to be tested 
> 
>> On Sep 26, 2017, at 7:51 AM, Leif Hedstrom <zwoop@apache.org> wrote:
>> 
>> 
>>> On Sep 21, 2017, at 8:55 PM, iloveperl@sina.cn wrote:
>>> 
>>> With the patch, the ERR_clear_error() will only be called when the error occurs.
In the normal situation, ERR_clear_error() will not be called, so the Err_get_state() will
not be called and no lock contention in openssl 1.0.1 with the patch. 
>>> 
>>> 
>>> ----- 原始邮件 -----
>>> 发件人:Bryan Call <bcall@apache.org>
>>> 收件人:iloveperl@sina.cn
>>> 抄送人:users <users@trafficserver.apache.org>
>>> 主题:Re: Openssl 1.1.0f Support
>>> 日期:2017年09月21日 23点37分
>>> 
>>> This only changes the order of the calls.  There is still going to be lock contention
inside OpenSSL 1.0.1.
>>> 
>>> -Bryan
>> 
>> 
>> I think this makes a lot of sense (but I haven’t tested it). Did you make a PR
for this on Github?
>> 
>> Cheers,
>> 
>> — leif
>> 
> 


Mime
View raw message