webrick: do not hang acceptor on slow TLS connections
OpenSSL::SSL::SSLSocket#accept may block indefinitely on clients
which negotiate the TCP connection, but fail (or are slow) to
negotiate the subsequent TLS handshake. This prevents the
multi-threaded WEBrick server from accepting other connections.
Since the TLS handshake (via OpenSSL::SSL::SSLSocket#accept)
consists of normal read/write traffic over TCP, handle it in the
per-client thread, instead.
Furthermore, using non-blocking accept() is useful for non-TLS
sockets anyways because spurious wakeups are possible from
select(2).
* lib/webrick/server.rb (accept_client): use TCPServer#accept_nonblock
and remove OpenSSL::SSL::SSLSocket#accept call
* lib/webrick/server.rb (start_thread): call OpenSSL::SSL::SSLSocket#accept
* test/webrick/test_ssl_server.rb (test_slow_connect): new test
[ruby-core:83221] [Bug #14005]
webrick: fix up r60172
By making the socket non-blocking in r60172, TLS/SSL negotiation
via the SSL_accept function must handle non-blocking sockets
properly and retry on SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.
OpenSSL::SSL::SSLSocket#accept cannot do that properly with a
non-blocking socket, so it must use non-blocking logic of
OpenSSL::SSL::SSLSocket#accept_nonblock.
Thanks to MSP-Greg (Greg L) for finding this.
* lib/webrick/server.rb (start_thread): use SSL_accept properly
with non-blocking socket.
[Bug #14013] [Bug #14005]
webrick: fix up r60172 and revert r60189
Thanks to MSP-Greg (Greg L) for helping with this.
* lib/webrick/server.rb (start_thread): ignore ECONNRESET, ECONNABORTED,
EPROTO, and EINVAL on TLS negotiation errors the same way they
were ignored before r60172 in the accept_client method of the
main acceptor thread.
[Bug #14013] [Bug #14005]
webrick: fix up r60172 and r60208
Thanks to MSP-Greg (Greg L) for helping with this.
* lib/webrick/server.rb (start_thread): fix non-local return
introduced in r60208
webrick: fix up r60172 and r60210
Thanks to MSP-Greg (Greg L) for helping with this.
* lib/webrick/server.rb (start_thread): properly fix non-local return
introduced in r60208 and r60210
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@61240 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
When you change this to true, you may need to add more tests.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/webrick/server.rb (WEBrick::GenericServer#start): flush
shutdown pipe.
* lib/webrick/server.rb (WEBrick::GenericServer#stop): request the
server to stop immediately by sending data via shutdown pipe.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51231 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Sockets are close-on-exec by default since Ruby 2.0, so it
is redundant to set it again.
* lib/webrick/server.rb (accept_client): avoid redundant fcntl call
[Feature #11137]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50519 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
notify readability on the read side of the pipe.
write_nonblock() is not usable for pipe on Windows.
(cleanup_shutdown_pipe): Rescue IOError for @shutdown_pipe_w.close.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48354 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
to avoid race condition.
(cleanup_shutdown_pipe): New private method.
(cleanup_listener): Extracted from shutdown method.
Call this method from start method to avoid race condition.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48353 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
shutdown() or close() for listening socket is not a reliable.
Actually, both doesn't work (doesn't wake up select()) on
DragonFly BSD 3.6.2.
* test/webrick/utils.rb: :ShutdownSocketWithoutClose is not required
now to immediate server shutdown detection.
This fixes fd leaks.
* test/net/http/utils.rb: Ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46253 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/webrick/httpserver.rb (WEBrick::HTTPServer#run): stop
handling requests on shutdown, even if the socket is readable
and IO.select() returns true. [Fixes GH-607]
* lib/webrick/server.rb (WEBrick::GenericServer#start): IO.select()
raises ENOTSOCK on shutdown on Windows.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45872 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
partially revert r35315.
* test/webrick/test_server.rb (test_start_exception):
received signal is delivered to the main thread, so it is needed to
emulate it. patched by Eric Hodel. [ruby-core:44348] [Feature #6236]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35323 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
this method is to deny new connections, not shutdown yet.
* lib/webrick/server.rb (WEBrick::GenericServer#start):
re-raise exception only when the exception is Interrupt (^C).
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35315 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
will now continue only when a StandardError subclass is raised. For
other exception types the error will be logged at the fatal level and
the server will safely stop. Based on a patch by Alex Young.
[ruby-trunk - Feature #6236]
* test/webrick/test_server.rb: Test for new exception handling
behavior. Join the server thread instead of busy-waiting for it to
shut down to remove race conditions.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35303 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
should rescue Errno::EINVAL from TCPServer#accept. this exception
might occur if the server socket is not in ready to listen.
* lib/webrick/server.rb (WEBrick::GenericServer#accept_client):
don't call TCPServer#close if the :ShutdownSocketWithoutClose is set.
* lib/webrick/config.rb (WEBrick::Config::General): add new parameter
:ShutdownSocketWithoutClose.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14306 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
:InputBufferSize and :OutputBufferSize.
* lib/webrick/utils.rb (WEBrick::Utils.timeout): add new timeout
method. this implementation is expected to be compatible with
timeout.rb and faster than timeout.rb.
* lib/webrick/httprequest.rb (WEBrick::HTTPRequest#_read_data):
Timeout.timeout is replaced by WEBrick::Utils.timeout.
* lib/webrick/httprequest.rb: WEBrick::HTTPRequest::BUFSIZE is
replaced by config[:InputBufferSize].
* lib/webrick/httpresposne.rb: WEBrick::HTTPResponse::BUFSIZE is
replaced by config[:OutputBufferSize].
* lib/webrick/server.rb: get rid of unnecessary require.
* test/webrick/test_utils.rb: test for WEBrick::Utils.timeout.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@10167 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
sockets should be non-blocking mode. [ruby-dev:26405]
* lib/webrick/utils.rb (WEBrick::Utils.set_non_blocking): new method.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@8767 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
should delete trailing LF from the result of pack("m*").
* lib/webrick/httpproxy.rb (WEBrick::HTTPProxyServer#proxy_connect):
- should delete trailing LF from the result of pack("m*").
- clear Request-Line not to send the sesponse by HTTPServer#run.
* lib/webrick/httputils (WEBrick::HTTPUtils.parse_qvalues):
refine regexp (and change the name of a local variable).
* lib/webrick/server.rb (WEBrick::Daemon.start): prepared stdio
don't allow changing its mode.
* test/webrick/*, sample/webrick/httpproxy.rb: add new files.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7743 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
should log about all accepted socket. [ruby-core:03962]
* lib/webrick/accesslog.rb (WEBrick::AccessLog#setup_params):
"%%" and "%u" are supported. [webricken:135]
* lib/webrick/httpservlet/filehandler.rb
(WEBrick::HTTPServlet::FileHandler#check_filename):
:NondisclosureName is acceptable if it is Enumerable.
* lib/webrick/config.rb (WEBrick::Config::FileHandler):
default value of :NondisclosureName is [".ht*", "*~"].
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7566 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
:DoNotReverseLookup.
* lib/webrick/server.rb (WEBrick::GenericServer#accept): call
do_not_reverse_lookup for each socket if :DoNotReverseLookup
is set. [ruby-code:02357]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@5941 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Exception to avoid unexpected aborting. [ruby-core:01853]
* lib/webrick/server.rb (GenericServer#start_thread): should check
that peeraddr isn't nil before printing.
* lib/webrick/httpresponse.rb (HTTPResponse#start_thread): should
rescue Exception to avoid unexpected aborting of thread.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@5098 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/webrick/https.rb: SSLSocket handling is moved to webrick/ssl.rb.
* lib/webrick/compat.rb (File::fnmatch): remove old migration code.
* lib/webrick/httpserver.rb (HTTPServer#run): ditto.
* lib/webrick/server.rb (GenericServer#listen): the body of this
method is pull out as Utils::create_lisnteners.
* lib/webrick/utils.rb (Utils::create_lisnteners): new method.
* lib/webrick/server.rb (GenericServer#start): should not
through unknown errors. and refine comments.
* ext/openssl/lib/openssl/ssl.rb (SSLServer#accept): should close
socket if SSLSocket raises error.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
