Closed smanolache closed 4 years ago
Hi @smanolache, thanks a lot for contributing to the project. I apologize for not reacting sooner, but this is a side project and has been a high priority for the maintainers for quite a while. It seems like the failing CI is related to jobs using outdated versions of Ubuntu and CentOS. I will remove those jobs in a new PR.
Keep up the good work, best @bokchan
@smanolache The failing CI pipeline should be fixed if you rebase on the latest v6.x.x
Rebased. All tests pass.
LGTM
There are three classes of change:

1. `SSL_connect`, `SSL_read`, and `SSL_write` use `SSL_get_error` in order to monitor the appropriate events on the I/O event loop.
2. The error you've noticed, namely that the BIO was not set, happened because `SSL_set_fd` was called only when the connection succeeded in `drizzle_connect`. I've added it when the connection succeeds in `drizzle_state_connecting`.
3. I've removed `SSL_new` from `drizzle_set_ssl`. The reason is that `drizzle_set_ssl` is called only once, at setup, when we configure the certificates, while an `SSL` object is associated with a live network connection. Thus, the `SSL_CTX` is built only once, by `drizzle_set_ssl`, while the `SSL` object is built whenever the `connect` system call succeeds and is freed in `drizzle_close`.

Besides the normal operation, I've tested two scenarios:

1. I continuously pass SQL requests over the same connection while in another console I launch iptables commands to drop packets. The application detects the errors, calls `drizzle_close` and tries to reestablish the connection. SSL is correctly reestablished once I stop dropping the packets.
2. I continuously pass SQL requests over the same connection. Then I shut down the MySQL server. The application reacts to it by calling `drizzle_close`. I can see the Encrypted Alert that my client sends to the server before closing the socket. SSL is correctly reestablished once I restart the server.

I am not sure that I handle the shutdowns (`SSL_shutdown`) correctly though.
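An added example, not code from this pull request or from libdrizzle, of the first change class described above: choosing which event to monitor from the `SSL_get_error` result after a non-blocking `SSL_connect`, `SSL_read`, `SSL_write` or `SSL_shutdown`. The `tls_*`, `OP_*` and `NEXT_*` names and the trace are hypothetical; the error-code values mirror `<openssl/ssl.h>` so the file builds without OpenSSL installed.

```c
#include <poll.h>
#include <stdio.h>
/* Values as in <openssl/ssl.h>; guarded so this file builds without it. */
#ifndef SSL_ERROR_WANT_READ
#define SSL_ERROR_SSL         1
#define SSL_ERROR_WANT_READ   2
#define SSL_ERROR_WANT_WRITE  3
#define SSL_ERROR_SYSCALL     5
#define SSL_ERROR_ZERO_RETURN 6
#endif
/* Hypothetical names for this example, not libdrizzle identifiers. */
enum tls_op   { OP_CONNECT, OP_READ, OP_WRITE, OP_SHUTDOWN };
enum tls_next { NEXT_DONE, NEXT_WAIT, NEXT_SEND_CLOSE, NEXT_DROP };
struct tls_step { enum tls_next next; short events; };

/* ret: result of the SSL_* call; err: SSL_get_error(ssl, ret) right after it. */
struct tls_step tls_decide(enum tls_op op, int ret, int err)
{
    struct tls_step s = { NEXT_DROP, 0 };
    if (ret > 0 || (op == OP_SHUTDOWN && ret == 0)) {
        /* SSL_shutdown() == 0: our close_notify is out. A client about to
         * close the socket may stop here; err is not meaningful in this case. */
        s.next = NEXT_DONE;
        return s;
    }
    switch (err) {
    /* The wanted direction follows the error, not the call: SSL_read can
     * want a write and SSL_write can want a read while handshake data moves. */
    case SSL_ERROR_WANT_READ:  s.next = NEXT_WAIT; s.events = POLLIN;  break;
    case SSL_ERROR_WANT_WRITE: s.next = NEXT_WAIT; s.events = POLLOUT; break;
    /* Peer sent close_notify: answer with SSL_shutdown, then close. */
    case SSL_ERROR_ZERO_RETURN: s.next = NEXT_SEND_CLOSE; break;
    /* SSL_ERROR_SYSCALL, SSL_ERROR_SSL, anything else: fatal, skip SSL_shutdown. */
    default: break;
    }
    return s;
}

int main(void)
{
    /* Constructed trace of (operation, return value, SSL_get_error result). */
    static const struct { enum tls_op op; int ret, err; } t[] = {
        { OP_CONNECT, -1, SSL_ERROR_WANT_WRITE }, { OP_CONNECT, 1, 0 },
        { OP_WRITE, -1, SSL_ERROR_WANT_READ }, { OP_READ, 0, SSL_ERROR_ZERO_RETURN },
        { OP_SHUTDOWN, 0, 0 }, { OP_READ, -1, SSL_ERROR_SYSCALL },
    };
    for (size_t i = 0; i < sizeof t / sizeof t[0]; i++) {
        struct tls_step s = tls_decide(t[i].op, t[i].ret, t[i].err);
        printf("op=%d -> next=%d events=%#x\n", t[i].op, s.next, (unsigned)s.events);
    }
}
```

On `NEXT_WAIT` the same call is retried once the descriptor reports the returned event; on `NEXT_DROP` the `SSL` object is freed without calling `SSL_shutdown`.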