7.1-current SSL

timwoj at ieee.org timwoj at ieee.org
Fri Nov 19 12:57:43 EST 2004


On Tue, 16 Nov 2004, Marcin Kulas wrote:

> On Mon, 15.11.2004 (11:29:56 -0500), timwoj at ieee.org <timwoj at ieee.org> wrote:
>
> I have tested it a little bit. See what I've found:
>
> - raw 317 is doubled in /whois server response,
> - there are some errors while the client is connecting [1]
> - after some time client gets lagged and disconnected (time out)
>
> Ad.1)
> Here are server notices while connecting client from 81.168.129.137:
>
> *** Notice -- SSL_accept() for 81.168.129.137 (socket 23) in progress...
> *** Notice -- SSL_accept() for 81.168.129.1l wants read or write
>  (SSL_ERROR_WANT_READ), passing through...
> *** Notice -- SSL_accept() for 2.0.166.248 (socket 23) wanting READ error!
>  -- SSL_ERROR_WANT_READ
> *** Notice -- BIO_sock_should_retry(): 1
> *** Notice -- SSL_state_string_long(): SSLv3 read client certificate A
> *** Notice -- SSL_accept() for 2.0.166.248 (socket 23) wanting READ
>   succeeded!
>
> and then, finally:
>
> *** Notice -- Client connecting: qq (ircd at unsigned.int) [81.168.129.137]
>  {oper} [r]
>
> Client seemed to work correctly for a while, but after a few minutes
> I got lagged, and then connection dropped.
>
> I'm not a coder. I can't find a bug in this patch. Can you?
> Notice IP address deformation in the second and third line.
> It always occurred on my server during yesterday's tests.

I just put up a second patch that fixes some of this stuff.  It's
available at http://madleet.com/porjects/71ssl-v2.patch.  The duplicate
line in the whois has been removed.  I removed some of the extra
debugging that wasn't needed, and fixed that address bug you mentioned.

I'm still looking into the lagging.  The code isn't that different
between 7.0.3 and 7.1, so I don't see why it would work fine there and
not here.  Just for the record, I'm seeing none of those lag problems on
either local or remote connections.  What client are you using?  Are you
connecting as an oper?  I see you're spoofing the hostname, so maybe I
should try that as well.

Tim


