[ovs-dev] [PATCH] Shutdown SSL connection before closing socket

Terry Wilson twilson at redhat.com
Wed Jul 10 18:24:10 UTC 2019


from __future__ import print_function
import sys

from ovs import jsonrpc
from ovs import stream
from ovs.unixctl import client


# SSL endpoint the reproducer connects to (loopback, port 6641).
URI = 'ssl:127.0.0.1:6641'

# Key material is registered on stream.Stream through class-level calls,
# before any stream is opened.  All three paths are relative, so run the
# script from the directory that contains sandbox/.
PRIV = 'sandbox/ovnnb-privkey.pem'
stream.Stream.ssl_set_private_key_file(PRIV)

CERT = 'sandbox/ovnnb-cert.pem'
stream.Stream.ssl_set_certificate_file(CERT)

CACERT = 'sandbox/pki/switchca/cacert.pem'
stream.Stream.ssl_set_ca_cert_file(CACERT)


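class SSLClient(client.UnixctlClient):
    """UnixctlClient variant that connects through an OVS stream URI.

    The reproducer passes an ``ssl:`` URI, so the JSON-RPC connection is
    carried over the SSL stream configured at module level.
    """

    @classmethod
    def create(cls, uri):
        """Open *uri* via Stream.open_block() and wrap it in a client.

        Args:
            uri: stream URI handed to stream.Stream.open().

        Returns:
            ``(0, client)`` on success, or ``(error, None)`` when
            open_block() reports an error.
        """
        error, _stream = stream.Stream.open_block(
                stream.Stream.open(uri))
        if error:
            # The original formatted an undefined name (`path`) here, so a
            # failed connect raised NameError instead of returning the error.
            client.vlog.warn("failed to connect to %s" % uri)
            return error, None
        return 0, cls(jsonrpc.Connection(_stream))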


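# Connect, send one "echo" request, print whatever transact() returns, then
# close the connection.
error, c = SSLClient.create(URI)
if error:
    # create() returns (error, None) on failure; stop here instead of
    # dereferencing None below.
    sys.exit("failed to connect to %s (error %s)" % (URI, error))
try:
    print(c.transact("echo", ["hello world"]))
finally:
    # Closing is the step being reproduced: per the patch description the
    # server-side warnings appear whenever the socket is closed, so make
    # sure close() runs even if transact() raises.
    c.close()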

On Wed, Jul 10, 2019 at 12:17 PM Mark Michelson <mmichels at redhat.com> wrote:

> On 7/10/19 12:11 PM, Terry Wilson wrote:
> > > An example reproducer script is attached. If you enable SSL and OVN w/
> > > the sandbox and run it, then look in sandbox/nb1.log, you'll see the
> > > disconnect errors that the patch makes go away.
> >
>
> Hi Terry. It looks like the mailing list has eaten your attachment. If
> possible, can you include it in-line?
>
> > On Wed, Jul 10, 2019 at 11:07 AM Terry Wilson <twilson at redhat.com>
> wrote:
> >
> >> Without shutting down the SSL connection, log messages like:
> >>
> >> stream_ssl|WARN|SSL_read: unexpected SSL connection close
> >> jsonrpc|WARN|ssl:127.0.0.1:47052: receive error: Protocol error
> >> reconnect|WARN|ssl:127.0.0.1:47052: connection dropped (Protocol error)
> >>
> >> would occur whenever the socket is closed. This just adds an
> >> SSLStream.close() that calls shutdown() and ignores read/write
> >> errors.
> >>
> >> Signed-off-by: Terry Wilson <twilson at redhat.com>
> >> ---
> >>   python/ovs/stream.py | 8 ++++++++
> >>   1 file changed, 8 insertions(+)
> >>
> >> diff --git a/python/ovs/stream.py b/python/ovs/stream.py
> >> index c15be4b..fd1045e 100644
> >> --- a/python/ovs/stream.py
> >> +++ b/python/ovs/stream.py
> >> @@ -825,6 +825,14 @@ class SSLStream(Stream):
> >>           except SSL.SysCallError as e:
> >>               return -ovs.socket_util.get_exception_errno(e)
> >>
> >> +    def close(self):
> >> +        if self.socket:
> >> +            try:
> >> +                self.socket.shutdown()
> >> +            except (SSL.WantReadError, SSL.WantWriteError):
> >> +                pass
> >> +        return super(SSLStream, self).close()
> >> +
> >>
> >>   if SSL:
> >>       # Register SSL only if the OpenSSL module is available
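Review bot: In the added `close()`, any exception from `self.socket.shutdown()` other than `SSL.WantReadError`/`SSL.WantWriteError` propagates before `super(SSLStream, self).close()` runs, so the underlying socket would stay open. As far as I know, pyOpenSSL's `shutdown()` can also raise `SSL.SysCallError` (which the context line above the new method already handles for another call) or a plain `SSL.Error`, for instance when the peer has already dropped the connection. Since this is best-effort teardown, widen the handler to `except SSL.Error:`, the base class of the other three, so the stream is always closed. A one-line docstring such as `"""Send the TLS close_notify (best effort), then close the socket."""` would also record why the errors are ignored. The enclosing `SSLStream` class begins outside the hunk.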
> >> --
> >> 1.8.3.1
> >>
> >>
> >>
>
>

