Bug 462393 - openssl s_client eats CPU when disconnected
Summary: openssl s_client eats CPU when disconnected
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: openssl
Version: 9
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-09-15 21:10 UTC by David Woodhouse
Modified: 2009-01-08 04:19 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-01-08 04:19:14 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
test case (621 bytes, text/x-csrc)
2008-09-15 21:10 UTC, David Woodhouse 		no flags Details
add -no_ign_eof option (911 bytes, patch)
2008-10-07 13:32 UTC, David Woodhouse 		no flags Details | Diff
View All

Description David Woodhouse 2008-09-15 21:10:41 UTC 
Created attachment 316784 [details]
test case

From a tool I'm using to connect to a Cisco AnyConnect VPN, I fork and exec openssl s_client, with its stdin and stdout connected to pipes.

When my tool exits, openssl remains and chews CPU -- it doesn't seem to die with SIGPIPE, or notice for itself that the pipe is dead. It ends up doing this...

select(5, [4], [4], NULL, NULL)         = 1 (out [4])
select(5, [0 4], [], NULL, NULL)        = 1 (in [0])
read(0, "", 8192)                       = 0
select(5, [4], [4], NULL, NULL)         = 1 (out [4])
select(5, [0 4], [], NULL, NULL)        = 1 (in [0])
read(0, "", 8192)                       = 0
select(5, [4], [4], NULL, NULL)         = 1 (out [4])
select(5, [0 4], [], NULL, NULL)        = 1 (in [0])
read(0, "", 8192)                       = 0
Comment 1 Tomas Mraz 2008-09-26 13:47:35 UTC 
This is caused by the -quiet option which implies -ign_eof option. Do you have to use the -quiet option?
Comment 2 David Woodhouse 2008-09-26 15:46:18 UTC 
Unfortunately I do. The actual test case above has now evolved into a complete client for the Cisco AnyConnect VPN, and no longer spawns openssl that way, so it's not an issue.

But another place I see the same problem is with Evolution, when configured to access an IMAP server by running
'ssh $bastionhost exec openssl s_client -quiet -connect $mailserver:993 2>/dev/null'

Mail programs like Pine and Evolution need the first line of output from their imap command to be an imap greeting, so I need both the -quiet and the 2>/dev/null.

In my case, that bastion host is Windows, and it's a Cygwin openssl.exe which I see eating CPU. But it's the same issue as the one I reproduced in Fedora. (You may think there's some correlation between this and the fact that I've just written an AnyConnect-compatible VPN client for Linux. I couldn't possibly comment).

Is there a '-no-igneof' option?
Comment 3 David Woodhouse 2008-10-07 13:32:13 UTC 
Created attachment 319639 [details]
add -no_ign_eof option
Comment 4 David Woodhouse 2008-10-07 16:18:15 UTC 
http://rt.openssl.org/Ticket/Display.html?id=1761
Comment 5 David Woodhouse 2008-10-22 07:47:24 UTC 
Patch is now in upstream OpenSSL.
Comment 6 Fedora Update System 2009-01-07 17:47:56 UTC 
openssl-0.9.8g-9.12.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/openssl-0.9.8g-9.12.fc9
Comment 7 Fedora Update System 2009-01-07 17:49:43 UTC 
openssl-0.9.8g-12.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/openssl-0.9.8g-12.fc10
Comment 8 Fedora Update System 2009-01-08 04:19:11 UTC 
openssl-0.9.8g-9.12.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2009-01-08 04:19:45 UTC 
openssl-0.9.8g-12.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.