[hunchentoot-devel] ssl crashing in hunchentoot. A solution?

JTK jetmonk at gmail.com
Fri Apr 1 06:43:38 UTC 2011


I hope it is OK to send this to both the hunchentoot and cl+ssl lists.  I think it is relevant to both.

I've appended a test case in which I think I may have found the source of hunchentoot's problems
with ssl and concurrency.

Code containing good and bad toy servers is attached at the end of the email.

Apologies in advance if this is way out in left field.




Here's my explanation - the comments in the code explain it in greater detail.

It appears that if you run a main listener thread and turn a client connection
into an SSL socket using cl+ssl:make-ssl-server-stream within the main listener,
and pass this ssl-socket to a child thread, then things work.

However, if you pass the raw socket to the child thread, and the child thread itself runs
cl+ssl:make-ssl-server-stream, then SSL can fail and crash Lisp if there are
concurrent connections.

It seems that hunchentoot passes the job of running cl+ssl:make-ssl-server-stream
to child threads, as described in the comments to the code.

I'd be interested if people agree with the diagnosis. I'm not really clear
on what the broader repercussions of moving the initialization are, so
I haven't patched hunchentoot. (Plus I might not have more time for a while.)

John



-------------- next part --------------
A non-text attachment was scrubbed...
Name: example-threaded.lisp
Type: application/octet-stream
Size: 5083 bytes
Desc: not available
URL: <https://mailman.common-lisp.net/pipermail/tbnl-devel/attachments/20110331/f32da911/attachment.obj>
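The two arrangements contrasted in the message, as an added sketch: this is not the scrubbed attachment, not the poster's code and not Hunchentoot's code. It assumes the usocket, cl+ssl and bordeaux-threads systems are loaded; `*cert*`, `*key*`, `wrap-ssl`, `serve` and `run-listener` are hypothetical names, and the certificate paths are placeholders.

```lisp
;;; Added sketch. Assumes usocket, cl+ssl and bordeaux-threads are loaded.
(defparameter *cert* "/path/to/cert.pem")   ; placeholder path
(defparameter *key*  "/path/to/key.pem")    ; placeholder path

(defun wrap-ssl (client)
  "Create the server-side SSL stream for an accepted usocket CLIENT."
  (cl+ssl:make-ssl-server-stream (usocket:socket-stream client)
                                 :certificate *cert*
                                 :key *key*))

(defun serve (stream)
  "Toy handler: write one line as octets, then close the stream."
  (unwind-protect
       (progn
         (write-sequence (map '(vector (unsigned-byte 8)) #'char-code
                              (format nil "hello~%"))
                         stream)
         (finish-output stream))
    (close stream)))

(defun run-listener (port &key handshake-in-listener)
  "Accept loop on localhost. When HANDSHAKE-IN-LISTENER is true, the SSL
stream is created in the listener thread and handed to the worker (the
arrangement the message reports as working). Otherwise the worker receives
the raw socket and creates the SSL stream itself (the arrangement the message
reports as failing under concurrent connections)."
  (usocket:with-socket-listener (listener "127.0.0.1" port
                                          :reuse-address t
                                          :element-type '(unsigned-byte 8))
    (loop
      (let ((client (usocket:socket-accept listener)))
        (if handshake-in-listener
            ;; SSL setup runs here, serialized by the accept loop.
            (let ((ssl (wrap-ssl client)))
              (bt:make-thread (lambda () (serve ssl))))
            ;; SSL setup runs concurrently, once per worker thread.
            (bt:make-thread
             (lambda () (serve (wrap-ssl client)))))))))
```

With `:handshake-in-listener t` the accept loop blocks until each SSL setup finishes, so a slow or stalled client delays every later connection; that is one repercussion to weigh when moving the initialization.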

