Skip to content
This repository has been archived by the owner on Jan 23, 2023. It is now read-only.
/ corefx Public archive

More SSL error queue cleaning #29171

Merged
merged 3 commits into from
Apr 18, 2018
Merged

More SSL error queue cleaning #29171

merged 3 commits into from
Apr 18, 2018

Conversation

pjanotti
Copy link
Contributor

@pjanotti pjanotti commented Apr 18, 2018
edited by karelz
Loading

Another batch of cleaning SSL error queue. Trying to be minimize the extension of the changes while ensuring the SSL error queue is clean of typical errors without affecting exceptions currently throw by the code. In interest of keeping the perf unchanged calls to cleanup the queue are ideally only added in case of errors and preferably via ERR_clear_error.

The targets addressed on this change were identified via debugger by selecting calls that were putting errors on the SSL queue. The removal of the active issue is at this point still tentative: I can't be sure that it is going to pass reliable on Outerloop and I do not have any more local repros.

Contributes to #25676 (moved to dotnet/runtime#24335).

@pjanotti pjanotti added this to the 2.1.0 milestone Apr 18, 2018
@pjanotti pjanotti self-assigned this Apr 18, 2018
@pjanotti
Copy link
Contributor Author

@dotnet-bot test Outerloop Linux x64 Release Build
@dotnet-bot test Outerloop Linux x64 Debug Build

@pjanotti
Copy link
Contributor Author

1st round of CI passed, starting a second one:

@dotnet-bot test Outerloop Linux x64 Release Build
@dotnet-bot test Outerloop Linux x64 Debug Build
@dotnet-bot test Linux x64 Release Build
@dotnet-bot test Linux x64 Debug Build

stephentoub
stephentoub reviewed Apr 18, 2018
View reviewed changes
...rity.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/OpenSslPkcs12Reader.cs Outdated
return true;
}
Exception ignored;
return TryRead(data, out pkcs12Reader, out ignored, captureException: false);
Copy link
Member

@stephentoub stephentoub Apr 18, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: this can be:

public static bool TryRead(byte[] data, out OpenSslPkcs12Reader pkcs12Reader) =>
    TryRead(data, out pkcs12Reader, out _, captureException: false);

Same in various places below.

stephentoub
stephentoub reviewed Apr 18, 2018
View reviewed changes
...rity.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/OpenSslPkcs12Reader.cs Outdated
if (!p12.IsInvalid)
{
pkcs12Reader = new OpenSslPkcs12Reader(p12);
openSslException = null;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This setting to null isn't needed, or alternatively moved the earlier setting to null down to the else block below (in which case it'd be good to keep the previous method that follows a similar form in sync with this pattern).

stephentoub
stephentoub reviewed Apr 18, 2018
View reviewed changes
...ecurity.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/PkcsFormatReader.cs Outdated
{
Interop.Crypto.ErrClearError();
}

return !pkcs7.IsInvalid;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: This is inconsistent from other similar cases. To be consistent it would be:

if (pkcs7.IsInvalid)
{
    Interop.Crypto.ErrClearError();
    return false;
}

return true;

@stephentoub
Copy link
Member

@dotnet-bot test Linux x64 Release Build please (segfault in drawing tests in GdipGetPathPoints)

@pjanotti
Copy link
Contributor Author

Thanks for the review @stephentoub - the 2nd CI pass had also completed without errors if the 3rd one goes well I'll merge this PR and start the tasks to get it into 2.1 branch.

@dotnet-bot test Outerloop Linux x64 Release Build
@dotnet-bot test Outerloop Linux x64 Debug Build
@dotnet-bot test Linux x64 Debug Build

@pjanotti pjanotti merged commit c0083e0 into dotnet:master Apr 18, 2018
@pjanotti pjanotti deleted the more.ssl.error.cleaning.00 branch April 18, 2018 15:53
@karelz karelz modified the milestones: 2.1.0, 2.2.0 Apr 18, 2018
@davidsh davidsh added the os-linux Linux OS (any supported distro) label Apr 18, 2018
pjanotti pushed a commit to pjanotti/corefx that referenced this pull request Apr 18, 2018
More SSL error queue cleaning (dotnet#29171)
bac0402 
* Cleaning up more instances leaving errors on SSL queue

* Fixes #25676
@pjanotti pjanotti mentioned this pull request Apr 18, 2018
Merged
pjanotti pushed a commit that referenced this pull request Apr 19, 2018
More SSL error queue cleaning (#29171) (#29194)
350f931 
* Cleaning up more instances leaving errors on SSL queue

* Fixes #25676
@bartonjs bartonjs mentioned this pull request Feb 7, 2022
Closed
picenka21 pushed a commit to picenka21/runtime that referenced this pull request Feb 18, 2022
More SSL error queue cleaning (dotnet/corefx#29171)
c3a6cba 
* Cleaning up more instances leaving errors on SSL queue

* Fixes dotnet/corefx#25676

Commit migrated from dotnet/corefx@c0083e0
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@stephentoub stephentoub stephentoub approved these changes

@bartonjs bartonjs Awaiting requested review from bartonjs

Assignees

@pjanotti pjanotti

Labels
area-System.Security os-linux Linux OS (any supported distro)
Projects
None yet
Milestone
3.0
Development

Successfully merging this pull request may close these issues.
4 participants
@pjanotti @stephentoub @karelz @davidsh