tkuester / taky

A simple python TAK server
MIT License
195 stars 42 forks source link

SSL server socket dies on accept #1

Closed tkuester closed 3 years ago

tkuester commented 3 years ago

This one is puzzling me.

Using Python 3.8.5, and OpenSSL 1.1.1j, I'm running into an issue where the server socket raises OSError (errno: 0) on accept(). While most of the time, this seems to be harmless, in some instances the client disconnects, and new connections timeout on the SSL handshake.

While this seems to be related to Issue 31122, it should be fixed in 3.8.5.

Currently running on Python 3.9 to see what's going on.

tkuester commented 3 years ago

I was able to trigger the OSError by using nc -z localhost 8089, but that didn't destroy the existing connection, or hamper the ability for more clients to connect.

tkuester commented 3 years ago

Running this in python3.9 still does not help.

Now that #2 is closed, I've added the ability to attach with PDB. Hopefully this will help root out the issue.

tkuester commented 3 years ago

Hokay.

So it turns out you can call wrap_socket on the server side, and Python will automatically call wrap_socket on the client sockets. However, it instantly tries to do the SSL handshake in a blocking way, which is bad for a single threaded model.

One (hackish) way around this is to set a socket timeout of a second or so. However, this can lead to a denial of service attack, and the socket timeout threshold is an arbitrary choice. As read/send is happening behind the scenes, setting the socket to nonblocking is the best solution, and then using a select call to determine when do_handshake is needed.

The documentation has some helpful explanations of how to handle non-blocking sockets.

Changes in d4b4478..01058cc