Am 21.06.2020 um 22:06 schrieb Christoph Biedl ngircd.anoy@manchmal.in-ulm.de:
Alexander Barton wrote...
• Update test suite to include SSL tests, including checking for reloading certificates during runtime.
Unfortunately this causes a failure here on a somewhat older machine[1] - although they pass on another one with an even slower CPU.
[…]
So a race condition. Possibly related, why does the daemon process:
| 34426 21:39:35.676268 openat(AT_FDCWD, "ssl/cert.pem", O_RDONLY|O_LARGEFILE|O_CLOEXEC <unfinished ...> | 34426 21:39:35.676830 <... openat resumed>) = 6 | 34426 21:39:35.677055 fstat64(6, <unfinished ...> | 34426 21:39:35.677179 <... fstat64 resumed>{st_mode=S_IFREG|0644, st_size=1468, ...}) = 0 | 34426 21:39:35.677307 _llseek(6, 0, <unfinished ...> | 34426 21:39:35.677411 <... _llseek resumed>[0], SEEK_CUR) = 0 | 34426 21:39:35.677535 fstat64(6, <unfinished ...> | 34426 21:39:35.677622 <... fstat64 resumed>{st_mode=S_IFREG|0644, st_size=1468, ...}) = 0 | 34426 21:39:35.677736 read(6, <unfinished ...> | 34426 21:39:35.677832 <... read resumed>"-----BEGIN CERTIFICATE-----\nMIIEDjCCAnagAwIBAgIBATANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDExRteS5z\nZWNvbmQuZG9tYWluLnRsZDA | 34426 21:39:35.678022 read(6, <unfinished ...> | 34426 21:39:35.678177 <... read resumed>"", 4096) = 0 | 34426 21:39:35.678301 close(6 <unfinished ...> | 34426 21:39:35.678411 <... close resumed>) = 0 here:
- 34426 21:39:36.083475 getpid() = 34426
| 34426 21:39:36.083612 write(1, "[34426:6 6] Discarding X509 certificate credentials from slot 0.\n", 68) = 68 | 34426 21:39:36.083818 getpid() = 34426 | 34426 21:39:36.083905 write(1, "[34426:6 6] Storing new X509 certificate credentials in slot 0.\n", 67) = 67 | 34426 21:39:36.084136 getpid() = 34426 | 34426 21:39:36.084226 write(1, "[34426:6 6] GnuTLS 3.6.14 initialized.\n", 42) = 42
lose some 300 milliseconds here? Without that, the race would not happen.
Wild guess: Probably because it needs and is waiting for some random numbers?
Workaround:
--- a/src/testsuite/connect-ssl-cert2-test.e +++ b/src/testsuite/connect-ssl-cert2-test.e @@ -1,6 +1,7 @@ # ngIRCd test suite # Server connect test
+sleep 1 spawn openssl s_client -quiet -connect 127.0.0.1:6790 expect { timeout { exit 1 }
Probably we should add this to the server starting logic, or even add a real test if the SSL-enabled port is ready & accepting connections there?
But good catch!
Thanks! Alex