On Wednesday, 06 May 2009 11:27:29, Howard Chu wrote:
Ralf Haferkamp wrote:
On Tuesday, 05 May 2009 22:48:10, Howard Chu wrote:
Something like proposed in ITS#5133? It seems that it was rejected with a reference to the enablement of SO_KEEPALIVE, though. Should we revisit that?
Seems like it, yes.
Btw, you mentioned that sending Abandon 0 will be sufficient as a no-op. How's that going to work?
[..]
I haven't had a good idea yet how to easily fix this case, apart from leveraging TCP keepalives.
(According to the docs, SSL_read() would return SSL_ERROR_WANT_READ when the underlying BIO is non-blocking. But we're using blocking IO. I am unsure how much effort it would be to port that to non-blocking. I'd think it's a non-trivial task ;)).
I don't think there are any particular dependencies left in our code in this regard; ber_get_next() can be called as many times as necessary to retrieve a complete message. All of our input is triggered by select/poll/etc. What's less clear is how well OpenSSL actually behaves with non-blocking sockets; there are a lot of bug reports on that as I recall. You interested in testing that?
Apart from the usual time-constraints, I am not too keen on that. ;)
I guess, in the absence of a better solution, go ahead with what you've already worked up. We'll just have to document somewhere (Admin Guide I suppose) that a system's TCP keepalive setting may need to be adjusted if not on Linux...
I just submitted the libldap part, will see how/if I can work out the syncrepl part later. I need to finish some other stuff first.
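
Added example, not part of this thread and not the libldap change submitted above: a sketch of the per-socket TCP keepalive approach the thread settles on, so that a read blocked on a dead peer eventually fails instead of hanging. The function names and the 60/10/3 timing values are assumptions made for illustration; on platforms without `TCP_KEEPIDLE` the helper falls back to the system-wide keepalive timing, which is the case the Admin Guide note would cover.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>

/* Hypothetical helper, not libldap code. Turns on SO_KEEPALIVE and, where
 * per-socket options exist (TCP_KEEPIDLE etc.), sets the probe timing.
 * Returns 0 = tuned, 1 = on with system-wide timing only, -1 = failed. */
int enable_keepalive(int fd, int idle, int interval, int probes)
{
    int on = 1;
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0)
        return -1;
#ifdef TCP_KEEPIDLE
    if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle, sizeof(idle)) == 0 &&
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &interval, sizeof(interval)) == 0 &&
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &probes, sizeof(probes)) == 0)
        return 0;
#endif
    (void)idle; (void)interval; (void)probes;
    return 1;
}

/* Worst-case seconds before a read blocked on a dead peer fails:
 * idle + interval * probes. -1 if keepalive is off or values are unreadable. */
int keepalive_detect_seconds(int fd)
{
    int on = 0, v[3] = { 0, 0, 0 };
    socklen_t len = sizeof(on);
    if (getsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, &len) < 0 || !on)
        return -1;
#ifdef TCP_KEEPIDLE
    const int opt[3] = { TCP_KEEPIDLE, TCP_KEEPINTVL, TCP_KEEPCNT };
    for (int i = 0; i < 3; i++) {
        len = sizeof(v[i]);
        if (getsockopt(fd, IPPROTO_TCP, opt[i], &v[i], &len) < 0) return -1;
    }
#endif
    return v[0] > 0 ? v[0] + v[1] * v[2] : -1;
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);  /* unconnected socket is enough */
    int rc = fd < 0 ? -1 : enable_keepalive(fd, 60, 10, 3);  /* constructed values */
    printf("rc=%d worst-case detection=%ds\n", rc, fd < 0 ? -1 : keepalive_detect_seconds(fd));
    if (fd >= 0) close(fd);
    return rc < 0;
}
```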