diff options
author | unknown <dkatz@damien-katzs-computer.local> | 2007-07-12 22:06:33 -0400 |
---|---|---|
committer | unknown <dkatz@damien-katzs-computer.local> | 2007-07-12 22:06:33 -0400 |
commit | b7527f6b72cbd3d919671ed15262b1893166e125 (patch) | |
tree | d6585a05edfef5208ae906f073d0280bb05f4679 /vio | |
parent | d99af83936d2061f6fa78eeb9b47081d8cf9b81b (diff) | |
download | mariadb-git-b7527f6b72cbd3d919671ed15262b1893166e125.tar.gz |
Bug #29579 Clients using SSL can hang the server
Added an option to yassl to allow "quiet shutdown" like openssl does. This option causes the SSL libs to NOT perform the close_notify handshake during shutdown. This fixes a hang we experience because we hold a lock during socket shutdown.
mysql-test/t/ssl_big.test:
BitKeeper file /Users/dkatz/50/mysql-test/t/ssl_big.test
mysql-test/r/ssl-big.result:
BitKeeper file /Users/dkatz/50/mysql-test/r/ssl-big.result
client/mysqltest.c:
Added new command to mysqltest to send a quit command to the server, but to not close the actual socket on our end.
Also changed code to reuse connection slots, so that the tests can open and close sockets in a loop.
extra/yassl/include/openssl/ssl.h:
Added C accessors to the quietShutdown option.
extra/yassl/include/yassl_int.hpp:
Added quietShutdown_ member and accessor methods to the SSL class.
extra/yassl/src/ssl.cpp:
Added accessors to get/set the quietShutdown option and to not perform the shutdown handshake if quietShutdown is set.
extra/yassl/src/yassl_int.cpp:
Added quietShutdown_ member and accessor methods to the SSL class.
vio/viossl.c:
Added line to set the quiet_shutdown option before shutting down the socket.
mysql-test/t/ssl-big.test:
Added a test that causes an unpatched server to hang during SSL socket shutdown.
Diffstat (limited to 'vio')
-rw-r--r-- | vio/viossl.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/vio/viossl.c b/vio/viossl.c index 5e4203a3fb5..861989136d3 100644 --- a/vio/viossl.c +++ b/vio/viossl.c @@ -123,6 +123,16 @@ int vio_ssl_close(Vio *vio) if (ssl) { + /* + THE SSL standard says that SSL sockets must send and receive a close_notify + alert on socket shutdown to avoid truncation attacks. However, this can + cause problems since we often hold a lock during shutdown and this IO can + take an unbounded amount of time to complete. Since our packets are self + describing with length, we aren't vunerable to these attacks. Therefore, + we just shutdown by closing the socket (quiet shutdown). + */ + SSL_set_quiet_shutdown(ssl, 1); + switch ((r= SSL_shutdown(ssl))) { case 1: |