[CDRIVER-821] Connections failing when active in process with other code that uses OpenSSL Created: 01/Sep/15 Updated: 03/May/17 Resolved: 03/Sep/15 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | libmongoc |
| Affects Version/s: | 1.2-beta0, 1.1.10 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Thijs Cadier | Assignee: | A. Jesse Jiryu Davis |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Tested on Ubuntu 14.04 64 bit. |
||
| Issue Links: |
|
||||||||
| Description |
|
When trying to use the C driver (embedded in Rust via https://github.com/thijsc/mongo-rust-driver) together with other code that uses OpenSSL connections fail. Everything works up until initialization of an OpenSSL context by another library. Then the trace below happens and connections fail. Is this a bug in the Mongo C driver? Should we maybe be using SSL_CTX_get_ex_new_index for example to scope the callbacks to just the C driver itself? ``` |
| Comments |
| Comment by Githook User [ 11/Jan/16 ] |
|
Author: {u'username': u'ajdavis', u'name': u'A. Jesse Jiryu Davis', u'email': u'jesse@mongodb.com'}Message: |
| Comment by Githook User [ 04/Sep/15 ] |
|
Author: {u'username': u'ajdavis', u'name': u'A. Jesse Jiryu Davis', u'email': u'jesse@mongodb.com'}Message: |
| Comment by Hannes Magnusson [ 03/Sep/15 ] |
|
We should definitely do something better about failure error message, see If you have concrete examples of how to reproduce a failure that could use a better messaging I'd appreciate a new ticket or a comment on Glad it wasn't OpenSSL context race condition |
| Comment by Thijs Cadier [ 03/Sep/15 ] |
|
I was actually thinking in the totally wrong direction. The issue was that the strings that I was putting in ssl options were being released from memory to early. I'm now keeping them around for the whole lifetime of the pool. Thanks so much for your pointers, we can close this ticket. There is one area of improvement that could have prevented me being stuck for so long on this: The driver does not give any information about why a connection is failing. You can remove random lines from a pem file for example and it will just say connection failed. Maybe we should open an issue to expose this type of information in the error messages? |
| Comment by Thijs Cadier [ 01/Sep/15 ] |
|
I will try this in the morning, have to leave now. I'll report back here. Thanks for the pointers! |
| Comment by Hannes Magnusson [ 01/Sep/15 ] |
How do you do that? Are you sure the ping is sent to the server? A wild guess, it sounds like we may be using wrong method to create a ssl context. That seems very odd if we are.. If you set a breakpoint on connect(), can you see what the return value and errno are? For example something like: |
| Comment by Thijs Cadier [ 01/Sep/15 ] |
|
Thanks for your reply Hannes, I am confused about OpenSSL indeed It does work the other way around, forgot to mention that. If I do a full query and fetch results from the cursor before the curl call it does not fail. If I just ping and don't use the cursor it does fail. What would that indicate? |
| Comment by Hannes Magnusson [ 01/Sep/15 ] |
|
How are you initializing the SSL context "by another library"? OpenSSL takes a special kind of person to grasp, but this sounds like confusion over correct which SSL context to use. Does it work the other way around, first you do mongoc query over SSL, and then initialize libcurl and the libcurl fetch works, or does that also break down? |
| Comment by Thijs Cadier [ 01/Sep/15 ] |
|
I'll see if I can make it work. I have very very limited C skills. |
| Comment by A. Jesse Jiryu Davis [ 01/Sep/15 ] |
|
Better if its in pure C, if that's possible. Thank you! |
| Comment by Thijs Cadier [ 01/Sep/15 ] |
|
I could provide a simple example in Rust, but that's probably not convenient for you? |
| Comment by A. Jesse Jiryu Davis [ 01/Sep/15 ] |
|
Thanks for the report. Can you share with us some code to help reproduce the bug? Is the libcurl call the simplest reproduction? |
| Comment by Thijs Cadier [ 01/Sep/15 ] |
|
Also just tested this with a libcurl call that handles SSL connections, same result. |