Kitura / Kitura-net

Kitura networking
Apache License 2.0

Error when using SSL #196

Open crspybits opened 7 years ago

crspybits commented 7 years ago

I switched over to using Kitura with SSL (and self-signed certificates). I'm getting no errors specific to my server, but I do get reports of:

[2017-05-19T20:50:50.263-06:00] [ERROR] [IncomingSocketHandler.swift:148 handleRead()] Read from socket (file descriptor 8) failed. Error = Error code: -9806(0x-264E), ERROR: SSLRead, code: -9806, reason: errSSLClosedAbort.

This is not causing failures, but doesn't look good.

Suggestions? Thanks, Chris.

crspybits commented 7 years ago

An update on this issue. I am getting some failures with an issue that seems directly connected to the above SSL usage with my Kitura-based server.

When I run the server on MacOS, using self-signing certificates (and following the technique given here https://developer.ibm.com/swift/2016/09/22/securing-kitura-part-1-enabling-ssltls-on-your-swift-server/), I get the above kind of error (i.e., errSSLClosedAbort). Plus, with certain of my endpoints my call to RouterResponse's end method blocks the server thread. This is happening specifically when I am completing a download of data using an HTTP GET. On MacOS, when the server blocks on these end calls, the client doesn't notice, e.g., it is not also blocked.

When I run the server on Ubuntu 16.04 Linux, I run into a similar but even more severe situation. These same end calls tend to block the server thread, and the client side times out on these endpoint calls.

I should mention, I'm using an iOS Swift-based client with URLSessions to do the downloads and other server endpoint communication.

This is an open source project, and I could point you to the code. So far, I'm just trying to characterize the problem and haven't tried creating a simpler instance of the problem.

crspybits commented 7 years ago

Further update. I've now tried this with a CA Authority signed SSL certificate (from https://letsencrypt.org). The same basic issue occurs. When I'm doing multiple successive of these in a row, the server thread blocks on a GET download of data. This is where it's failing in my server: https://github.com/crspybits/SyncServerII/blob/master/Server/Sources/Server/ServerSetup.swift#L146

I'm running the following test on my iOS client: https://github.com/crspybits/SyncServerII/blob/master/iOS/Example/Tests/Performance.swift#L53

Also, and I'm not sure how/if this is related, I am getting lots of the error: [2017-05-25T03:23:30.802Z] [ERROR] [HTTPServer.swift:194 listen(listenSocket:socketManager:)] Error accepting client connection: Error code: 1(0x1), ERROR: SSL_accept, code: 1, reason: Could not determine error reason.

crspybits commented 7 years ago

Still having the same kind of issue, and I've detailed progress here: https://stackoverflow.com/questions/44224048/timeout-issue-when-downloading-from-aws-ec2-to-ios-app

crspybits commented 7 years ago

It looks like I've got a work-around for this issue. Take a look at Update5 on my stackoverflow post above. I still have some concerns about being able to get the server into a state where there are numerous server threads blocked. It looks like a client can cause the server to get into such a state. Any suggestions would be welcomed.