Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HPCC-32715 SSL_connect/accept should honor timeout provided #19156

Open
wants to merge 1 commit into
base: candidate-9.8.x
Choose a base branch
from
Open

HPCC-32715 SSL_connect/accept should honor timeout provided #19156

wants to merge 1 commit into from

Conversation

mckellyln
Copy link
Contributor

Type of change:

  • This change is a bug fix (non-breaking change which fixes an issue).
  • This change is a new feature (non-breaking change which adds functionality).
  • This change improves the code (refactor or other change that does not change the functionality)
  • This change fixes warnings (the fix does not alter the functionality or the generated code)
  • This change is a breaking change (fix or feature that will cause existing behavior to change).
  • This change alters the query API (existing queries will have to be recompiled)

Checklist:

  • My code follows the code style of this project.
    • My code does not create any new warnings from compiler, build system, or lint.
  • The commit message is properly formatted and free of typos.
    • The commit message title makes sense in a changelog, by itself.
    • The commit is signed.
  • My change requires a change to the documentation.
    • I have updated the documentation accordingly, or...
    • I have created a JIRA ticket to update the documentation.
    • Any new interfaces or exported functions are appropriately commented.
  • I have read the CONTRIBUTORS document.
  • The change has been fully tested:
    • I have added tests to cover my changes.
    • All new and existing tests passed.
    • I have checked that this change does not introduce memory leaks.
    • I have used Valgrind or similar tools to check for potential issues.
  • I have given due consideration to all of the following potential concerns:
    • Scalability
    • Performance
    • Security
    • Thread-safety
    • Cloud-compatibility
    • Premature optimization
    • Existing deployed queries will not be broken
    • This change fixes the problem, not just the symptom
    • The target branch of this pull request is appropriate for such a change.
  • There are no similar instances of the same problem that should be addressed
    • I have addressed them here
    • I have raised JIRA issues to address them separately
  • This is a user interface / front-end modification
    • I have tested my changes in multiple modern browsers
    • The component(s) render as expected

Smoketest:

  • Send notifications about my Pull Request position in Smoketest queue.
  • Test my draft Pull Request.

Testing:

@github-actions GitHub Actions
Copy link

Jira Issue: https://hpccsystems.atlassian.net//browse/HPCC-32715

Jirabot Action Result:
Assigning user: [email protected]
Workflow Transition To: Merge Pending
Updated PR

@mckellyln mckellyln requested a review from jakesmith September 26, 2024 19:18
jakesmith
jakesmith reviewed Sep 30, 2024
View reviewed changes
Copy link
Member

@jakesmith jakesmith left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mckellyln - please see comments.

esp/bindings/http/client/httpclient.cpp
m_socket = ISocket::connect_timeout(ep, m_connectTimeoutMs);

if(strcmp(m_protocol.get(), "HTTPS") == 0)
{
ISecureSocket* securesocket = m_ssctx->createSecureSocket(m_socket, SSLogNormal, m_host.str());
int res = securesocket->secure_connect();
unsigned remainingMs = timer.remainingMs(m_connectTimeoutMs);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remainingMs could be zero here (due to some weird delay in createSecureSocket),
but strictly speaking it should probably abort if so before trying to call secure_connect.

system/security/securesocket/securesocket.cpp
while (true)
{
err = SSL_accept(m_ssl);
if (err > 0)
{
if (logLevel > SSLogNormal)
if (this->m_loglevel > SSLogNormal)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why "this->"? (and other lines)
[ no other member variable is qualified this way ]

system/security/securesocket/securesocket.cpp
@@ -16,6 +16,7 @@
############################################################################## */

// Some ssl prototypes use char* where they should be using const char *, resulting in lots of spurious warnings
#include "jexcept.hpp"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the #include "jliball.hpp" already includes jexecpt.hpp (on line 25)

(jliball seems like a bad idea - but not new)

system/security/securesocket/securesocket.cpp
@@ -2304,7 +2313,7 @@ class CSingletonSecureSocketConnection: public CSingletonSocketConnection
if (srtn)
{
Owned<ISecureSocket> ssock = secureContextServer->createSecureSocket(sock.getClear(), tlsLogLevel);
int status = ssock->secure_accept(tlsLogLevel);
int status = ssock->secure_accept(timeoutms);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks like this (CSingletonSecureSocketConnection::accept) method should also have a CCycleTimer added before the line 2312, and pass timer.remainingMs to secure_accept here.

system/jlib/jsocket.hpp
@@ -44,6 +44,8 @@
#define WAIT_FOREVER ((unsigned)-1)
#endif

#define DEFAULT_CONNECT_TIME (100*1000) // for connect_wait
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

now used for accept too, prob. either worth updating the comment, or introducing another #define (or constexpr) for defaultAcceptTimeMs.

fs/dafsclient/rmtclient.cpp
@@ -1343,7 +1354,7 @@ unsigned getRemoteVersion(ISocket *origSock, StringBuffer &ver)
if (!origSock)
return 0;

Owned<ISocket> socket = checkSocketSecure(origSock);
Owned<ISocket> socket = checkSocketSecure(origSock, 10000);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

any significance to 10000 vs using default ?

fs/dafsclient/rmtclient.hpp
@@ -63,7 +63,7 @@ extern DAFSCLIENT_API int getDafsInfo(ISocket * socket, unsigned level, StringBu
extern DAFSCLIENT_API void setDafsEndpointPort(SocketEndpoint &ep);
extern DAFSCLIENT_API void setDafsLocalMountRedirect(const IpAddress &ip,const char *dir,const char *mountdir);
extern DAFSCLIENT_API ISocket *connectDafs(SocketEndpoint &ep, unsigned timeoutms, const IPropertyTree *service); // NOTE: might alter ep.port if configured for multiple ports ...
extern DAFSCLIENT_API ISocket *checkSocketSecure(ISocket *socket);
extern DAFSCLIENT_API ISocket *checkSocketSecure(ISocket *socket, unsigned timeoutms);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cpp has unsigned timeoutms = DEFAULT_CONNECT_TIME, I suspect default should be here.

roxie/ccd/ccdlistener.cpp
@@ -142,7 +142,7 @@ class CascadeManager : public CInterface
if (!ssock)
throw makeStringException(ROXIE_TLS_ERROR, "Roxie CascadeManager failed creating secure socket for roxie control message");

int status = ssock->secure_connect();
int status = ssock->secure_connect(2000);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do wonder whether the secure socket connect/accept defaults should be different from the jsocket defaults.
These timings (to ssl connect/accept) would generally expect to be shorter than connecting to the raw socket.

And then maybe this/other places, could generally rely on the defaults.

system/mp/mpcomm.cpp
int tlsTraceLevel = SSLogMin;
if (parent->mpTraceLevel >= MPVerboseMsgThreshold)
tlsTraceLevel = SSLogMax;
int status = ssock->secure_connect(tlsTraceLevel);
Owned<ISecureSocket> ssock = secureContextClient->createSecureSocket(newsock.getClear(), tlsTraceLevel);
tm.timedout(&remaining);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think should be:

if (tm.timedout(&remaining))
    return false;

system/mp/mpcomm.cpp
int tlsTraceLevel = SSLogMin;
if (parent->mpTraceLevel >= MPVerboseMsgThreshold)
tlsTraceLevel = SSLogMax;
int status = ssock->secure_accept(tlsTraceLevel);
Owned<ISecureSocket> ssock = secureContextServer->createSecureSocket(sock.getClear(), tlsTraceLevel);
int status = ssock->secure_accept(10000);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see other comment(s). There's a few different constants used for secure_connect/secure_accept, in most cases sensible defaults should be used. I think secure socket connect/accept should have different defaults to jsocket's raw socket connect/accept. They are not expected to have the same timing semantics.

@jakesmith
Copy link
Member

@mckellyln - I think this is a significant enough change that it should target master.

@ghalliday
Copy link
Member

@mckellyln ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jakesmith jakesmith jakesmith left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mckellyln @jakesmith @ghalliday