tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed excessive CPU usage during SSL negotiation.

This commit is contained in:
Gunnar Beutner 2012-04-27 14:15:22 +02:00
parent 415f1d39aa
commit 7e2b8d90a5
2 changed files with 22 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
base/tlsclient.cpp
View File

@ -8,6 +8,8 @@ bool I2_EXPORT TLSClient::m_SSLIndexInitialized = false;
TLSClient::TLSClient(TCPClientRole role, shared_ptr<SSL_CTX> sslContext) : TCPClient(role) TLSClient::TLSClient(TCPClientRole role, shared_ptr<SSL_CTX> sslContext) : TCPClient(role)
{ {
m_SSLContext = sslContext; m_SSLContext = sslContext;
m_BlockRead = false;
m_BlockWrite = false;
} }
void TLSClient::NullCertificateDeleter(X509 *certificate) void TLSClient::NullCertificateDeleter(X509 *certificate)
@ -60,6 +62,9 @@ int TLSClient::ReadableEventHandler(const EventArgs& ea)
{ {
int rc; int rc;
m_BlockRead = false;
m_BlockWrite = false;
size_t bufferSize = FIFO::BlockSize / 2; size_t bufferSize = FIFO::BlockSize / 2;
char *buffer = (char *)GetRecvQueue()->GetWriteBuffer(&bufferSize); char *buffer = (char *)GetRecvQueue()->GetWriteBuffer(&bufferSize);
rc = SSL_read(m_SSL.get(), buffer, bufferSize); rc = SSL_read(m_SSL.get(), buffer, bufferSize);
@ -67,6 +72,8 @@ int TLSClient::ReadableEventHandler(const EventArgs& ea)
if (rc <= 0) { if (rc <= 0) {
switch (SSL_get_error(m_SSL.get(), rc)) { switch (SSL_get_error(m_SSL.get(), rc)) {
case SSL_ERROR_WANT_WRITE: case SSL_ERROR_WANT_WRITE:
m_BlockRead = true;
/* fall through */
case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_READ:
return 0; return 0;
case SSL_ERROR_ZERO_RETURN: case SSL_ERROR_ZERO_RETURN:
@ -93,12 +100,17 @@ int TLSClient::WritableEventHandler(const EventArgs& ea)
{ {
int rc; int rc;
m_BlockRead = false;
m_BlockWrite = false;
rc = SSL_write(m_SSL.get(), (const char *)GetSendQueue()->GetReadBuffer(), GetSendQueue()->GetSize()); rc = SSL_write(m_SSL.get(), (const char *)GetSendQueue()->GetReadBuffer(), GetSendQueue()->GetSize());
if (rc <= 0) { if (rc <= 0) {
switch (SSL_get_error(m_SSL.get(), rc)) { switch (SSL_get_error(m_SSL.get(), rc)) {
case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_READ:
m_BlockWrite = true;
/* fall through */
case SSL_ERROR_WANT_WRITE:
return 0; return 0;
case SSL_ERROR_ZERO_RETURN: case SSL_ERROR_ZERO_RETURN:
Close(); Close();
@ -121,6 +133,9 @@ bool TLSClient::WantsToRead(void) const
if (SSL_want_read(m_SSL.get())) if (SSL_want_read(m_SSL.get()))
return true; return true;
if (m_BlockRead)
return false;
return TCPClient::WantsToRead(); return TCPClient::WantsToRead();
} }
@ -129,6 +144,9 @@ bool TLSClient::WantsToWrite(void) const
if (SSL_want_write(m_SSL.get())) if (SSL_want_write(m_SSL.get()))
return true; return true;
if (m_BlockWrite)
return false;
return TCPClient::WantsToWrite(); return TCPClient::WantsToWrite();
} }

3
base/tlsclient.h
View File

@ -17,6 +17,9 @@ private:
shared_ptr<SSL_CTX> m_SSLContext; shared_ptr<SSL_CTX> m_SSLContext;
shared_ptr<SSL> m_SSL; shared_ptr<SSL> m_SSL;
bool m_BlockRead;
bool m_BlockWrite;
static int m_SSLIndex; static int m_SSLIndex;
static bool m_SSLIndexInitialized; static bool m_SSLIndexInitialized;