Created attachment 316784 [details] test case From a tool I'm using to connect to a Cisco AnyConnect VPN, I fork and exec openssl s_client, with its stdin and stdout connected to pipes. When my tool exits, openssl remains and chews CPU -- it doesn't seem to die with SIGPIPE, or notice for itself that the pipe is dead. It ends up doing this... select(5, [4], [4], NULL, NULL) = 1 (out [4]) select(5, [0 4], [], NULL, NULL) = 1 (in [0]) read(0, "", 8192) = 0 select(5, [4], [4], NULL, NULL) = 1 (out [4]) select(5, [0 4], [], NULL, NULL) = 1 (in [0]) read(0, "", 8192) = 0 select(5, [4], [4], NULL, NULL) = 1 (out [4]) select(5, [0 4], [], NULL, NULL) = 1 (in [0]) read(0, "", 8192) = 0
This is caused by the -quiet option which implies -ign_eof option. Do you have to use the -quiet option?
Unfortunately I do. The actual test case above has now evolved into a complete client for the Cisco AnyConnect VPN, and no longer spawns openssl that way, so it's not an issue. But another place I see the same problem is with Evolution, when configured to access an IMAP server by running 'ssh $bastionhost exec openssl s_client -quiet -connect $mailserver:993 2>/dev/null' Mail programs like Pine and Evolution need the first line of output from their imap command to be an imap greeting, so I need both the -quiet and the 2>/dev/null. In my case, that bastion host is Windows, and it's a Cygwin openssl.exe which I see eating CPU. But it's the same issue as the one I reproduced in Fedora. (You may think there's some correlation between this and the fact that I've just written an AnyConnect-compatible VPN client for Linux. I couldn't possibly comment). Is there a '-no-igneof' option?
Created attachment 319639 [details] add -no_ign_eof option
http://rt.openssl.org/Ticket/Display.html?id=1761
Patch is now in upstream OpenSSL.
openssl-0.9.8g-9.12.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/openssl-0.9.8g-9.12.fc9
openssl-0.9.8g-12.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/openssl-0.9.8g-12.fc10
openssl-0.9.8g-9.12.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
openssl-0.9.8g-12.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.