Bug 462393 - openssl s_client eats CPU when disconnected
openssl s_client eats CPU when disconnected
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: openssl (Show other bugs)
9
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-09-15 17:10 EDT by David Woodhouse
Modified: 2009-01-07 23:19 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-01-07 23:19:14 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
test case (621 bytes, text/x-csrc)
2008-09-15 17:10 EDT, David Woodhouse
no flags Details
add -no_ign_eof option (911 bytes, patch)
2008-10-07 09:32 EDT, David Woodhouse
no flags Details | Diff

  None (edit)
Description David Woodhouse 2008-09-15 17:10:41 EDT
Created attachment 316784 [details]
test case

From a tool I'm using to connect to a Cisco AnyConnect VPN, I fork and exec openssl s_client, with its stdin and stdout connected to pipes.

When my tool exits, openssl remains and chews CPU -- it doesn't seem to die with SIGPIPE, or notice for itself that the pipe is dead. It ends up doing this...

select(5, [4], [4], NULL, NULL)         = 1 (out [4])
select(5, [0 4], [], NULL, NULL)        = 1 (in [0])
read(0, "", 8192)                       = 0
select(5, [4], [4], NULL, NULL)         = 1 (out [4])
select(5, [0 4], [], NULL, NULL)        = 1 (in [0])
read(0, "", 8192)                       = 0
select(5, [4], [4], NULL, NULL)         = 1 (out [4])
select(5, [0 4], [], NULL, NULL)        = 1 (in [0])
read(0, "", 8192)                       = 0
Comment 1 Tomas Mraz 2008-09-26 09:47:35 EDT
This is caused by the -quiet option which implies -ign_eof option. Do you have to use the -quiet option?
Comment 2 David Woodhouse 2008-09-26 11:46:18 EDT
Unfortunately I do. The actual test case above has now evolved into a complete client for the Cisco AnyConnect VPN, and no longer spawns openssl that way, so it's not an issue.

But another place I see the same problem is with Evolution, when configured to access an IMAP server by running
'ssh $bastionhost exec openssl s_client -quiet -connect $mailserver:993 2>/dev/null'

Mail programs like Pine and Evolution need the first line of output from their imap command to be an imap greeting, so I need both the -quiet and the 2>/dev/null.

In my case, that bastion host is Windows, and it's a Cygwin openssl.exe which I see eating CPU. But it's the same issue as the one I reproduced in Fedora. (You may think there's some correlation between this and the fact that I've just written an AnyConnect-compatible VPN client for Linux. I couldn't possibly comment).

Is there a '-no-igneof' option?
Comment 3 David Woodhouse 2008-10-07 09:32:13 EDT
Created attachment 319639 [details]
add -no_ign_eof option
Comment 4 David Woodhouse 2008-10-07 12:18:15 EDT
http://rt.openssl.org/Ticket/Display.html?id=1761
Comment 5 David Woodhouse 2008-10-22 03:47:24 EDT
Patch is now in upstream OpenSSL.
Comment 6 Fedora Update System 2009-01-07 12:47:56 EST
openssl-0.9.8g-9.12.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/openssl-0.9.8g-9.12.fc9
Comment 7 Fedora Update System 2009-01-07 12:49:43 EST
openssl-0.9.8g-12.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/openssl-0.9.8g-12.fc10
Comment 8 Fedora Update System 2009-01-07 23:19:11 EST
openssl-0.9.8g-9.12.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2009-01-07 23:19:45 EST
openssl-0.9.8g-12.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.