-
Notifications
You must be signed in to change notification settings - Fork 30.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSL sockets may leak when keepalive is enabled #5699
Comments
It's worth mentioning that this happens because |
Nice spotting and nice fix. Worth mentioning that the only place that Would you be willing to make a pull request of your branch against node @saperal ? |
Done #5713 |
SSL sockets leak whenever keep alive is enabled, ca option is set in the global agent, and requests are sent without the ca property. In the following case at Agent.prototype.createSocket a socket will be created with a hashtag name that includes data from the global agents’ ca property. On subsequent requests at Agent.prototype.addRequest we do not find the free socket, because the hashtag name generated there does not take into account the global agents’ ca property, thus creating a new socket and leaving the first socket to timeout. closes: #5699 PR-URL: #5713 Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
SSL sockets leak whenever keep alive is enabled, ca option is set in the global agent, and requests are sent without the ca property. In the following case at Agent.prototype.createSocket a socket will be created with a hashtag name that includes data from the global agents’ ca property. On subsequent requests at Agent.prototype.addRequest we do not find the free socket, because the hashtag name generated there does not take into account the global agents’ ca property, thus creating a new socket and leaving the first socket to timeout. closes: #5699 PR-URL: #5713 Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
SSL sockets leak whenever keep alive is enabled, ca option is set in the global agent, and requests are sent without the ca property. In the following case at Agent.prototype.createSocket a socket will be created with a hashtag name that includes data from the global agents’ ca property. On subsequent requests at Agent.prototype.addRequest we do not find the free socket, because the hashtag name generated there does not take into account the global agents’ ca property, thus creating a new socket and leaving the first socket to timeout. closes: #5699 PR-URL: #5713 Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
issue is in: lib/_http_agent.js
The issue is reproducible whenever the
ca
property is set globally in the agent and an https request is made withhttps.request(ops)
whereops
does not have the propertyca
_http_agent.js @
Agent.prototype.createSocket
the
options
are extended with the globaloptions
object which containsca
. IngetName
ca
is used in the name generation of the hash.however _http_agent.js @
Agent.prototype.addRequest
The
options
(passed from the callhttps.request(ops)
which don't have the propertyca
) are used to get a hashtag which is now different. The socket leaks and is closed when the timeout hits. Meanwhile a new socket is created for the request.The text was updated successfully, but these errors were encountered: