Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: Ocsp timeout adjustment #4866

Merged
merged 4 commits into from
Nov 21, 2024
Merged

chore: Ocsp timeout adjustment #4866

merged 4 commits into from
Nov 21, 2024

Conversation

dougch
Copy link
Contributor

@dougch dougch commented Oct 31, 2024
edited
Loading

Description of changes:

While investigating a spike in integration test runtimes, I came across a single OCSP test that took 30 minutes, which appears intentional. The average runtime of the whole test suite is 65 seconds.

Dial back the wait time to 90 seconds and add a flaky mark with 3 retires, so if there is a hang, it gets cleaned up faster and retried. If there is more context or recommendation about a better timeout, let's bump it.

285: ============================= slowest 10 durations =============================
285: 2000.05s call     test_ocsp.py::test_s2n_server_ocsp_response[OCSP_RSA-TLS1.2-P-521-S2N-OpenSSL-ECDHE-RSA-AES128-SHA256]
285: 1.08s call     test_ocsp.py::test_s2n_client_ocsp_response[OCSP_RSA-TLS1.2-P-256-S2N-OpenSSL-DHE-RSA-AES256-GCM-SHA384]
285: 1.06s call     test_ocsp.py::test_s2n_client_ocsp_response[OCSP_RSA-TLS1.2-P-256-S2N-OpenSSL-DHE-RSA-AES128-SHA]
285: 1.06s call     test_ocsp.py::test_s2n_client_ocsp_response[OCSP_RSA-TLS1.1-P-256-S2N-OpenSSL-DHE-RSA-AES256-SHA]
285: 1.06s call     test_ocsp.py::test_s2n_client_ocsp_response[OCSP_RSA-TLS1.2-P-521-S2N-OpenSSL-DHE-RSA-AES128-GCM-SHA256]
285: 1.05s call     test_ocsp.py::test_s2n_client_ocsp_response[OCSP_RSA-TLS1.2-P-256-S2N-OpenSSL-DHE-RSA-AES256-SHA256]
285: 1.05s call     test_ocsp.py::test_s2n_client_ocsp_response[OCSP_RSA-TLS1.2-P-256-S2N-OpenSSL-DHE-RSA-AES128-SHA256]
285: 1.04s call     test_ocsp.py::test_s2n_client_ocsp_response[OCSP_RSA-TLS1.2-P-521-S2N-OpenSSL-DHE-RSA-AES256-SHA]
285: 1.03s call     test_ocsp.py::test_s2n_client_ocsp_response[OCSP_RSA-TLS1.2-P-384-S2N-OpenSSL-DHE-RSA-AES128-SHA]
285: 1.03s call     test_ocsp.py::test_s2n_client_ocsp_response[OCSP_RSA-TLS1.2-P-521-S2N-OpenSSL-DHE-RSA-AES128-SHA]
285: =========================== short test summary info ============================
...
285: ================== 576 passed, 1 rerun in 2012.69s (0:33:32) ===================
1/1 Test #285: integrationv2_ocsp ...............   Passed  2013.06 sec

Testing:

How is this change tested (unit tests, fuzz tests, etc.)? Are there any testing steps to be verified by the reviewer?

Is this a refactor change? If so, how have you proved that the intended behavior hasn't changed?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the s2n-core team label Oct 31, 2024
@dougch dougch marked this pull request as ready for review November 13, 2024 22:05
lrstewart
lrstewart reviewed Nov 14, 2024
View reviewed changes
tests/integrationv2/test_ocsp.py
Comment on lines -122 to +125
server = managed_process(S2N, server_options, timeout=2000)
server = managed_process(S2N, server_options, timeout=90)
client = managed_process(provider, client_options,
timeout=2000, kill_marker=kill_marker)
timeout=90, kill_marker=kill_marker)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmmm the original PR had 2000, but no explanation for it and none of the reviewers questioned it. @goatgoose any chance you remember the reasoning from almost 3 years ago? :P

Copy link
Contributor

@goatgoose goatgoose Nov 19, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do not remember sadly. I'm guessing it was a mistake though. 2,000 seems way too high to be intentional. Maybe leftover from debugging or something.

tests/integrationv2/test_ocsp.py Outdated Show resolved Hide resolved
@dougch dougch merged commit 2a73f90 into aws:main Nov 21, 2024
38 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lrstewart lrstewart lrstewart approved these changes

@goatgoose goatgoose goatgoose approved these changes

Assignees
No one assigned
Labels
s2n-core team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dougch @goatgoose @lrstewart