From: Gerd S. <in...@ge...> - 2013-10-01 14:27:01
Hi,

I finally fixed this problem the clean way, namely by storing the SSL socket in the connection cache. This solution is now committed to trunk.

Gerd

On Saturday, 21.09.2013, at 22:58 +0300, Török Edwin wrote:
> Hi,
>
> Attached patch implements a workaround to allow persistent connections to work with HTTPS,
> avoiding bugs in Https_client#continue. See below for the long explanation.
>
> Persistent HTTP connections work if I enable the aggressive connection cache with Http_client.
> However with Https_client I noticed that it always closed and reopened the Ssl connections.
> While this doesn't influence the application's correctness (thanks to the retry mechanisms in Http_client!), it heavily influences its performance: the latency is very bad due to repeated reopened connections, and repeated SSL handshakes ... even on localhost.
>
> Enabling Netlog debugging showed that some Ssl exceptions were thrown each time around read/write/shutdown after the 1st query completed. Further investigation revealed that the problem might be with Https_client#continue:
>
> method continue fd cb tmo tmo_x host port esys =
> - let mplex =
> - Uq_ssl.create_ssl_multiplex_controller
> - ~close_inactive_descr:true
> - ~preclose:(preclose fd)
> - ~initial_state:`Client
> - ~timeout:(tmo, tmo_x)
> - fd ctx esys in
> - (mplex :> Uq_engines.multiplex_controller)
>
> Problems with this code:
> * creating a new ssl multiplex controller will create a new Ssl.socket (and share just the Ssl.context and fd).
> * the new Ssl.socket doesn't have a defined state (SSL_set_connected_state was not called, and there was no prior handshake either), causing further operations on it to raise errors (if I add some debugging code
> to Uq_ssl to print Ssl.get_error_string):
> [Thu Sep 19 14:57:29 2013] [debug] [7534:11] Uq_ssl: SSL write error: error:140D0114:SSL routines:SSL_write:uninitialized
> [Thu Sep 19 14:57:29 2013] [debug] [7534:11] Uq_ssl: SSL read error: error:140DF114:SSL routines:SSL_read:uninitialized
> [Thu Sep 19 14:57:29 2013] [debug] [7534:11] Uq_ssl: SSL shutdown error: error:140E0114:SSL routines:SSL_shutdown:uninitialized
> * the new Ssl.socket is probably missing the state of the handshake (session keys, etc.)
>
>
> The attached workaround implements a very simple workaround: if the esys is still the same
> just reuse the previous multiplex controller, I'm guessing this is what the Hashtbl was meant for anyway.
>
> A better solution would be to have something like create_ssl_multiplex_controller_for_existing_session that would take the existing Ssl.socket instead of creating a new one, and then Https_client#continue wouldn't have to drop the connection if esys or tmo changes.
>
> Best regards,
> --Edwin

--
------------------------------------------------------------
Gerd Stolpmann, Darmstadt, Germany ge...@ge...
My OCaml site: http://www.camlcity.org
Contact details: http://www.camlcity.org/contact.html
Company homepage: http://www.gerd-stolpmann.de
------------------------------------------------------------
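
Review bot: in the quoted `continue` hunk, the removed `create_ssl_multiplex_controller` call is the only place where `tmo` and `tmo_x` take effect (`~timeout:(tmo, tmo_x)`), so a controller that is reused because `esys` matches keeps the timeout it was first created with. The replacement lines are not visible in this message; the reuse path should compare the timeout as well as `esys` before returning the cached controller, and a short comment in `continue` stating when the cached controller is reused and when the connection is dropped would document that.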
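
The three Uq_ssl log lines quoted above, decoded in an added Python example (not part of the thread or of Ocamlnet). It assumes the pre-3.0 OpenSSL packed error layout (8-bit library, 12-bit function, 12-bit reason) and treats the bracketed `7534:11` tag as an opaque key; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Log lines copied from the quoted message (Netlog debug output from Uq_ssl).
SAMPLE_LOG = """\
[Thu Sep 19 14:57:29 2013] [debug] [7534:11] Uq_ssl: SSL write error: error:140D0114:SSL routines:SSL_write:uninitialized
[Thu Sep 19 14:57:29 2013] [debug] [7534:11] Uq_ssl: SSL read error: error:140DF114:SSL routines:SSL_read:uninitialized
[Thu Sep 19 14:57:29 2013] [debug] [7534:11] Uq_ssl: SSL shutdown error: error:140E0114:SSL routines:SSL_shutdown:uninitialized
"""

LINE_RE = re.compile(
    r"\[(?P<tag>\d+:\d+)\] Uq_ssl: SSL (?P<op>\w+) error: "
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>.*)$"
)

def unpack(code_hex):
    """Split a packed OpenSSL (pre-3.0) error code into (lib, func, reason)."""
    e = int(code_hex, 16)
    return (e >> 24) & 0xFF, (e >> 12) & 0xFFF, e & 0xFFF

def parse(log_text):
    """Return one dict per Uq_ssl SSL error line; other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line.strip())
        if not m:
            continue
        lib, func, reason = unpack(m.group("code"))
        events.append({"tag": m.group("tag"), "op": m.group("op"),
                       "lib": lib, "func": func, "reason": reason,
                       "reason_text": m.group("reason")})
    return events

def stateless_socket_suspects(events):
    """Map tag -> sorted operations that failed as 'uninitialized'.

    A read or write failing this way means the SSL object was used before
    any handshake or connect-state call, which is the symptom of wrapping
    an already-established fd in a fresh SSL socket.
    """
    ops = defaultdict(set)
    for ev in events:
        if ev["reason_text"] == "uninitialized":
            ops[ev["tag"]].add(ev["op"])
    return {t: sorted(o) for t, o in ops.items() if o & {"read", "write"}}

if __name__ == "__main__":
    for ev in parse(SAMPLE_LOG):
        print(ev["tag"], ev["op"], hex(ev["lib"]), hex(ev["func"]), hex(ev["reason"]))
    print(stateless_socket_suspects(parse(SAMPLE_LOG)))
```

All three codes share library 0x14 and reason 0x114 and differ only in the function field, which is why the write, read and shutdown paths fail identically.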