SSL, invoke shutdown implementation when closing a connection #11858
Conversation
icing
commented
Sep 15, 2023
•
icing
commented
- fix http2 and h2-proxy filter to call the next filters on close
- make openssl's shutdown handle a one-time effort with added tracing for what it achieved
|
Should be merged, imo. |
|
While it may be necessary to wait for a shutdown in some cases, I don't like this fix because it's blocking (for 1+ seconds depending on time granularity) and not specific. Please see my comments here. |
I agree that possibly blocking for a second on each connection individually is not good. I opened a discussion at #11878. |
|
Amended PR with a simpler version, no delays. |
icing
force-pushed
the
ssl-shutdown-revival
branch
from
f20d38c
to
f2cfffe
Compare
- If SSL shutdown is not finished then make an additional call to SSL_read to gather additional tracing. - Fix http2 and h2-proxy filters to forward do_close() calls to the next filter. For example h2 and SSL shutdown before and after this change: Before: Curl_conn_close -> cf_hc_close -> Curl_conn_cf_discard_chain -> ssl_cf_destroy After: Curl_conn_close -> cf_hc_close -> cf_h2_close -> cf_setup_close -> ssl_cf_close Closes #xxxx
jay
force-pushed
the
ssl-shutdown-revival
branch
from
4e25ddb
to
c419abb
Compare
|
I've squashed all the commits to prepare for merge however the change does not work as I expected. The internal handle used by the connection cache to close connections (ie the closure_handle) has verbose mode false and CURL_LOG_LVL_NONE so none of those trace messages are output when |
Yes, that is a known current limitation of libcurl/curl as documented in #11878. I think we should enable This is outside of this PR really, it applies to all |
This is an old and long-standing issue that we need to fix, but it is separate and needs a larger take. |
|
Thanks. Let's try this out and see how it goes. |
