[CDRIVER-2222] /TLS/handshake_stall test fails on macOS and zSeries Created: 26/Jul/17  Updated: 28/Oct/23  Resolved: 17/May/18

Status: Closed
Project: C Driver
Component/s: libmongoc, tests, tls
Affects Version/s: None
Fix Version/s: 1.10.0

Type: Bug Priority: Minor - P4
Reporter: A. Jesse Jiryu Davis Assignee: Kevin Albertson
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Epic Link: Post-3.6 cleanup

 Description   

Seems related to the 10.10 -> 10.12 upgrade in Evergreen:

https://evergreen.mongodb.com/task/mongo_c_driver_darwin_test_latest_server_auth_sasl_darwinssl_patch_99858031e954f554b6ea47dcf5f9c2ef4ab6c09f_5978d8e22fbabe7524001ae3_17_07_26_18_01_06/0

[2017/07/26 14:26:54.095] Begin /TLS/handshake_stall, seed 3385755606
[2017/07/26 14:26:54.397] expected timeout after about 200ms, not 301



 Comments   
Comment by Githook User [ 17/May/18 ]

Author:

{'email': 'jesse@mongodb.com', 'username': 'ajdavis', 'name': 'A. Jesse Jiryu Davis'}

Message: CDRIVER-2222 update comment
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/3603ef52c0ce5efb023acbeeb575b31c7ceb26a4

Comment by A. Jesse Jiryu Davis [ 17/May/18 ]

Resolved on zSeries. Mac's Secure Transport implementation of TLS is for development only. An occasional stall there for a few hundred ms in SECItemImport is not a major issue.

Comment by Githook User [ 08/May/18 ]

Author:

{'email': 'kevin.albertson@10gen.com', 'name': 'Kevin Albertson', 'username': 'kevinAlbs'}

Message: CDRIVER-2222 fix /TLS/handshake_stall test

This fix applies to zSeries failures that were taking ~100ms to create
a TLS stream with OpenSSL. That time was spent in
SSL_CTX_set_default_verify_paths. To reduce this time, the test now
explicitly specifies a CA cert.
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/fa50256d519679722a8fd5dc89a9fa39f12dfdc2

Comment by Kevin Albertson [ 08/May/18 ]

Despite my previous comment, I don't think the fact that the DarwinSSL handshake is blocking implies this test is okay to fail on Darwin. The connectTimeoutMS timeout should still work, since it applies to the blocking handshake as well.

There is however occasionally an additional amount of additional time spent in mongoc_secure_transport_setup_certificate() which can be seen in the logs of this patch build.

2018/05/03 14:49:01.0190: [96039]:    TRACE: stream-tls-secure_transport: ENTRY: mongoc_stream_tls_secure_transport_new():469
2018/05/03 14:49:01.0192: [96039]:    TRACE: stream-secure_transport: TRACE: mongoc_secure_transport_setup_certificate():334 No private key provided, the server won't be able to verify us
2018/05/03 14:49:01.0278: [96039]:    TRACE: stream-secure_transport: TRACE: mongoc_secure_transport_setup_ca():431 Setting certificate authority succeeded (tests/x509gen/ca.pem)
2018/05/03 14:49:01.0278: [96039]:    TRACE: stream-secure_transport: TRACE: mongoc_secure_transport_setup_certificate():384 Setting client certificate succeeded
2018/05/03 14:49:01.0278: [96039]:    TRACE: stream-tls-secure_transport:  EXIT: mongoc_stream_tls_secure_transport_new():538

Comment by Kevin Albertson [ 30/Apr/18 ]

Per discussion, we should leave this disabled for DarwinSSL (secure transport) since the handshake is blocking. The zSeries failures should be investigated.

Comment by Kevin Albertson [ 30/Apr/18 ]

Another on zSeries: https://evergreen.mongodb.com/version/5ae3d1742fbabe28b037ea45

Comment by A. Jesse Jiryu Davis [ 15/Mar/18 ]

Also observed on zSeries:

https://evergreen.mongodb.com/task/mongo_c_driver_zseries_suse12_authentication_tests_memcheck_bfcbed2aaed6082f6eaacf490858bb73eb1c042b_18_03_13_18_22_25

Comment by A. Jesse Jiryu Davis [ 10/Aug/17 ]

At least investigate this in relation to other TLS async stuff in 1.8.

Comment by Githook User [ 26/Jul/17 ]

Author:

{'email': 'jesse@mongodb.com', 'username': 'ajdavis', 'name': 'A. Jesse Jiryu Davis'}

Message: CDRIVER-2222 disable /TLS/handshake_stall with macOS
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/6f28ec66c3b566a42d68b6fec154dadef58bdaa6

Generated at Wed Feb 07 21:14:33 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.