[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8650) EAGAIN from gnutls_handshake not respected

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8650) EAGAIN from gnutls_handshake not respected
From: subbarao@computer.org
Date: Fri, 03 Aug 2018 18:35:11 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

On 08/03/2018 12:09 PM, Ryan Tandy wrote:
> Thanks for letting me know about this. This patch is running on quite 
> a few systems by now, I'm sorry the problem wasn't caught sooner. :/

No worries, thanks for responding so quickly on this!

>> I'm wondering if there is a better way to handle EAGAIN returned from 
>> gnutls_handshake(), instead of doing a busywait as in ITS#8650, or my 
>> simplistic attempt at inserting a sleep() call which doesn't really 
>> seem to help. I'm wondering how the GnuTLS developers intend for 
>> people to use gnutls_handshake() properly, so as to gracefully handle 
>> sessions that involve long packets on the one hand, without opening 
>> up a vulnerability to chew up lots of system resources on the other 
>> hand.
>
> Right. I mean, this is how GnuTLS' own example shows to do it:
>
> https://gitlab.com/gnutls/gnutls/blob/master/doc/examples/ex-client-dtls.c#L73-77 
>

Hmm, that's a head-scratcher. It doesn't seem very effective to have a 
non-blocking I/O interface and then recommend wrapping it in a busywait 
loop :-)

> We could place a limit on the number of iterations, though any such 
> limit would have to be arbitrary.
>
> There might be an asynchronous GnuTLS API that could be used to avoid 
> tying up slapd while this is going on.
>
> I will look at how some other GnuTLS servers deal with this...

Cool, thanks Ryan.

Regards,

 Â Â Â  -Kartik

Prev by Date: Re: (ITS#8650) EAGAIN from gnutls_handshake not respected
Next by Date: (ITS#8891) LMDB fails to compile on latest Microsoft Visual Studio
Index(es):
- Chronological
- Thread