-
Notifications
You must be signed in to change notification settings - Fork 30.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tls: emit errors on close whilst async action #1702
Conversation
cc @iojs/crypto |
@indutny You fixed at the JS part by checking the _handle, but what I found during an intensive play with TLS is that the _encout was NULL (a C++ level). It is a kind of SSL Close issue race condition (for me), but I need to change the test case because it's very difficult for me to reproduce. Thanks for the fix |
@migounette @EricTheOne: I have updated the PR, please take a look |
@indutny thanks, applied both patches in order on v2.0.2, getting a segfault elsewhere (maybe it's progress):
|
@EricTheOne pushed one more commit, PTAL |
@indutny I've applied all three commits in order, on v2.0.2. Getting a different segfault now:
|
@EricTheOne looks like I don't fully understand problem yet. Any way I can reproduce it locally? |
Just a heads up, @evanlucas discovered a crash in a test: https://gist.github.com/evanlucas/6ab0a62ebe7ffa5d0ddf It is reproducible after patching the test suite: diff --git a/test/parallel/test-tls-js-stream.js b/test/parallel/test-tls-js-stream.js
index e156f44..292bd4f 100644
--- a/test/parallel/test-tls-js-stream.js
+++ b/test/parallel/test-tls-js-stream.js
@@ -61,6 +61,7 @@ var server = tls.createServer({
socket.end('hello');
socket.resume();
+ socket.destroy();
});
socket.once('close', function() { Going to investigate it in detail later. |
@evanlucas and it is actually fixed by this commit ad3a799 |
Erm, not by commit, rather by this PR. |
yay! |
Which is kind of sad for the @EricTheOne's thing... |
When loading session, OCSP response, SNI, always check that the `self._handle` is present. If it is not - the socket was closed - and we should emit the error instead of throwing an uncaught exception. Fix: nodejs/node-v0.x-archive#8780 Fix: nodejs#1696
* Destroy `SSL*` and friends on a next tick to make sure that we are not doing it in one of the OpenSSL callbacks * Add more checks to the C++ methods that might be invoked during destructor's pending queue cleanup Fix: nodejs/node-v0.x-archive#8780 Fix: nodejs#1696
@migounette @EricTheOne any news? ;) |
CI (with style fixes): https://jenkins-iojs.nodesource.com/job/iojs+any-pr+multi/747/ |
CI is green. |
@indutny going to merge this? |
Yeah, let's land it. @trevnorris LGTY? |
LGTM |
When loading session, OCSP response, SNI, always check that the `self._handle` is present. If it is not - the socket was closed - and we should emit the error instead of throwing an uncaught exception. Fix: nodejs/node-v0.x-archive#8780 Fix: #1696 PR-URL: #1702 Reviewed-By: Trevor Norris <trev.norris@gmail.com>
* Destroy `SSL*` and friends on a next tick to make sure that we are not doing it in one of the OpenSSL callbacks * Add more checks to the C++ methods that might be invoked during destructor's pending queue cleanup Fix: nodejs/node-v0.x-archive#8780 Fix: #1696 PR-URL: #1702 Reviewed-By: Trevor Norris <trev.norris@gmail.com>
PR-URL: #1702 Reviewed-By: Trevor Norris <trev.norris@gmail.com>
@@ -747,6 +750,10 @@ void TLSWrap::SetVerifyMode(const FunctionCallbackInfo<Value>& args) { | |||
void TLSWrap::EnableSessionCallbacks( | |||
const FunctionCallbackInfo<Value>& args) { | |||
TLSWrap* wrap = Unwrap<TLSWrap>(args.Holder()); | |||
if (wrap->ssl_ == nullptr) { | |||
return wrap->env()->ThrowTypeError( | |||
"EnableSessionCallbacks after destroySSL"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure if the error message sounds like a TypeError
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, I think it is worth submitting a follow-up fix PR. ;)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@indutny I feel that the default types of Errors is not enough. We should at least have something like ValueError
. What do you think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd say it might be too expensive to create them in C++, unless I'm missing something obvious.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I locally created a patch which fixes all the inconsistent error messages like this, in the js files. And I had an internal/errors.js file which defined ValueError
. Looks like that solves most of the wrong data error messages. But I am not sure if it is worthy introducing a new Error type.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, I don't think anyone really checks the type of error. It kind of serves only an informational purpose when it pops up in the stderr.
When loading session, OCSP response, SNI, always check that the
self._handle
is present. If it is not - the socket was closed - and weshould emit the error instead of throwing an uncaught exception.
Fix: nodejs/node-v0.x-archive#8780
Fix: #1696