Merge pull request #229 from ajdavis/CDRIVER-630-block-in-tls-handshake

fix hang in TLS handshake

Author: ajdavis

CMakeLists.txt

@@ -234,7 +234,7 @@ if (OPENSSL_FOUND)
       ${SOURCE_DIR}/tests/test-x509.c
       ${SOURCE_DIR}/tests/ssl-test.c
       ${SOURCE_DIR}/tests/test-mongoc-stream-tls.c
-      ${SOURCE_DIR}/tests/test-mongoc-stream-tls-hangup.c)
+      ${SOURCE_DIR}/tests/test-mongoc-stream-tls-error.c)
    mongoc_add_test(test-replica-set-ssl FALSE
       ${SOURCE_DIR}/tests/test-replica-set-ssl.c
       ${SOURCE_DIR}/tests/ha-test.c

src/mongoc/mongoc-client.c

@@ -283,6 +283,7 @@ mongoc_client_default_stream_initiator (const mongoc_uri_t       *uri,
    const bson_t *options;
    bson_iter_t iter;
    const char *mechanism;
+   int32_t connecttimeoutms = MONGOC_DEFAULT_CONNECTTIMEOUTMS;
 #endif
 
    bson_return_val_if_fail (uri, NULL);
@@ -336,14 +337,20 @@ mongoc_client_default_stream_initiator (const mongoc_uri_t       *uri,
             return NULL;
          }
 
-         if (!mongoc_stream_tls_do_handshake (base_stream, -1) ||
+         if (bson_iter_init_find_case (&iter, options, "connecttimeoutms") &&
+             BSON_ITER_HOLDS_INT32 (&iter)) {
+            if (!(connecttimeoutms = bson_iter_int32(&iter))) {
+               connecttimeoutms = MONGOC_DEFAULT_CONNECTTIMEOUTMS;
+            }
+         }
+
+         if (!mongoc_stream_tls_do_handshake (base_stream, connecttimeoutms) ||
              !mongoc_stream_tls_check_cert (base_stream, host->host)) {
             bson_set_error (error,
                             MONGOC_ERROR_STREAM,
                             MONGOC_ERROR_STREAM_SOCKET,
                             "Failed to handshake and validate TLS certificate.");
             mongoc_stream_destroy (base_stream);
-            base_stream = NULL;
             return NULL;
          }
       }

tests/Makefile.am

@@ -101,7 +101,7 @@ if ENABLE_SSL
 test_libmongoc_SOURCES += \
 	tests/test-x509.c \
 	tests/test-mongoc-stream-tls.c \
-	tests/test-mongoc-stream-tls-hangup.c \
+	tests/test-mongoc-stream-tls-error.c \
 	tests/ssl-test.c \
 	tests/ssl-test.h
 endif

tests/ssl-test.h

@@ -2,6 +2,12 @@
 
 #include <mongoc-thread-private.h>
 
+typedef enum ssl_test_behavior {
+   SSL_TEST_BEHAVIOR_NORMAL,
+   SSL_TEST_BEHAVIOR_HANGUP_AFTER_HANDSHAKE,
+   SSL_TEST_BEHAVIOR_STALL_BEFORE_HANDSHAKE,
+} ssl_test_behavior_t;
+
 typedef enum ssl_test_state {
    SSL_TEST_CRASH,
    SSL_TEST_SUCCESS,
@@ -19,14 +25,16 @@ typedef struct ssl_test_result {
 
 typedef struct ssl_test_data
 {
-   mongoc_ssl_opt_t  *client;
-   mongoc_ssl_opt_t  *server;
-   const char        *host;
-   unsigned short     server_port;
-   mongoc_cond_t      cond;
-   mongoc_mutex_t     cond_mutex;
-   ssl_test_result_t *client_result;
-   ssl_test_result_t *server_result;
+   mongoc_ssl_opt_t    *client;
+   mongoc_ssl_opt_t    *server;
+   ssl_test_behavior_t  behavior;
+   int64_t              handshake_stall_ms;
+   const char          *host;
+   unsigned short       server_port;
+   mongoc_cond_t        cond;
+   mongoc_mutex_t       cond_mutex;
+   ssl_test_result_t   *client_result;
+   ssl_test_result_t   *server_result;
 } ssl_test_data_t;
 
 void

tests/test-libmongoc.c

@@ -48,7 +48,24 @@ extern void test_write_concern_install     (TestSuite *suite);
 #ifdef MONGOC_ENABLE_SSL
 extern void test_x509_install              (TestSuite *suite);
 extern void test_stream_tls_install        (TestSuite *suite);
-extern void test_stream_tls_hangup_install (TestSuite *suite);
+extern void test_stream_tls_error_install  (TestSuite *suite);
+#endif
+
+
+#ifdef _WIN32
+void
+usleep (int64_t usec)
+{
+    HANDLE timer;
+    LARGE_INTEGER ft;
+
+    ft.QuadPart = -(10 * usec);
+
+    timer = CreateWaitableTimer(NULL, true, NULL);
+    SetWaitableTimer(timer, &ft, 0, NULL, NULL, 0);
+    WaitForSingleObject(timer, INFINITE);
+    CloseHandle(timer);
+}
 #endif
 
 
@@ -427,7 +444,7 @@ main (int   argc,
 #ifdef MONGOC_ENABLE_SSL
    test_x509_install (&suite);
    test_stream_tls_install (&suite);
-   test_stream_tls_hangup_install (&suite);
+   test_stream_tls_error_install (&suite);
 #endif
 
    ret = TestSuite_Run (&suite);

tests/test-libmongoc.h

@@ -18,6 +18,12 @@
 #ifndef TEST_LIBMONGOC_H
 #define TEST_LIBMONGOC_H
 
+
+#ifdef _WIN32
+void usleep (int64_t usec);
+#endif
+
+
 char *gen_collection_name (const char *prefix);
 void suppress_one_message (void);
 char *test_framework_get_host (void);

tests/test-mongoc-client.c

@@ -15,24 +15,6 @@
 #undef MONGOC_LOG_DOMAIN
 #define MONGOC_LOG_DOMAIN "client-test"
 
-
-#ifdef _WIN32
-static void
-usleep (int64_t usec)
-{
-    HANDLE timer;
-    LARGE_INTEGER ft;
-
-    ft.QuadPart = -(10 * usec);
-
-    timer = CreateWaitableTimer(NULL, true, NULL);
-    SetWaitableTimer(timer, &ft, 0, NULL, NULL, 0);
-    WaitForSingleObject(timer, INFINITE);
-    CloseHandle(timer);
-}
-#endif
-
-
 static mongoc_collection_t *
 get_test_collection (mongoc_client_t *client,
                      const char      *name)

tests/test-mongoc-stream-tls-hangup.c renamed to tests/test-mongoc-stream-tls-error.c

@@ -18,7 +18,7 @@
  *    7. hangs up
  */
 static void *
-ssl_hangup_server (void *ptr)
+ssl_error_server (void *ptr)
 {
    ssl_test_data_t *data = (ssl_test_data_t *)ptr;
 
@@ -69,18 +69,29 @@ ssl_hangup_server (void *ptr)
    ssl_stream = mongoc_stream_tls_new (sock_stream, data->server, 0);
    assert (ssl_stream);
 
-   r = mongoc_stream_tls_do_handshake (ssl_stream, TIMEOUT);
-   assert (r);
+   switch (data->behavior) {
+   case SSL_TEST_BEHAVIOR_STALL_BEFORE_HANDSHAKE:
+      usleep (data->handshake_stall_ms * 1000);
+      break;
+   case SSL_TEST_BEHAVIOR_HANGUP_AFTER_HANDSHAKE:
+      r = mongoc_stream_tls_do_handshake (ssl_stream, TIMEOUT);
+      assert (r);
+
+      r = mongoc_stream_readv (ssl_stream, &iov, 1, 1, TIMEOUT);
+      assert (r == 1);
+      break;
+   case SSL_TEST_BEHAVIOR_NORMAL:
+   default:
+      fprintf (stderr, "unimplemented ssl_test_behavior_t\n");
+      abort ();
+   }
 
-   r = mongoc_stream_readv (ssl_stream, &iov, 1, 1, TIMEOUT);
-   assert (r == 1);
+   data->server_result->result = SSL_TEST_SUCCESS;
 
    mongoc_stream_close (ssl_stream);
    mongoc_stream_destroy (ssl_stream);
    mongoc_socket_destroy (listen_sock);
 
-   data->server_result->result = SSL_TEST_SUCCESS;
-
    return NULL;
 }
 
@@ -173,14 +184,15 @@ test_mongoc_tls_hangup (void)
 
    data.server = &sopt;
    data.client = &copt;
+   data.behavior = SSL_TEST_BEHAVIOR_HANGUP_AFTER_HANDSHAKE;
    data.server_result = &sr;
    data.client_result = &cr;
    data.host = "localhost";
 
    mongoc_mutex_init (&data.cond_mutex);
    mongoc_cond_init (&data.cond);
 
-   r = mongoc_thread_create (threads, &ssl_hangup_server, &data);
+   r = mongoc_thread_create (threads, &ssl_error_server, &data);
    assert (r == 0);
 
    r = mongoc_thread_create (threads + 1, &ssl_hangup_client, &data);
@@ -198,8 +210,118 @@ test_mongoc_tls_hangup (void)
    ASSERT (sr.result == SSL_TEST_SUCCESS);
 }
 
+
+/** run as a child thread by test_mongoc_tls_handshake_stall
+ *
+ * It:
+ *    1. spins up
+ *    2. waits on a condvar until the server is up
+ *    3. connects to the server's port
+ *    4. attempts handshake
+ *    5. confirms that it times out
+ *    6. shuts down
+ */
+static void *
+handshake_stall_client (void *ptr)
+{
+   ssl_test_data_t *data = (ssl_test_data_t *)ptr;
+   char *uri_str;
+   mongoc_client_t *client;
+   bson_t reply;
+   bson_error_t error;
+   int64_t connect_timeout_ms = data->handshake_stall_ms - 100;
+   int64_t duration_ms;
+
+   int64_t start_time;
+
+   mongoc_mutex_lock (&data->cond_mutex);
+   while (!data->server_port) {
+      mongoc_cond_wait (&data->cond, &data->cond_mutex);
+   }
+   mongoc_mutex_unlock (&data->cond_mutex);
+
+   uri_str = bson_strdup_printf (
+      "mongodb://localhost:%u/?ssl=true&connecttimeoutms=%" PRId64,
+      data->server_port, connect_timeout_ms);
+
+   client = mongoc_client_new (uri_str);
+
+   /* we should time out after about 200ms */
+   start_time = bson_get_monotonic_time ();
+   mongoc_client_get_server_status (client,
+                                    NULL,
+                                    &reply,
+                                    &error);
+
+   /* time is in microseconds */
+   duration_ms = (bson_get_monotonic_time () - start_time) / 1000;
+
+   if (llabs(duration_ms - connect_timeout_ms) > 100) {
+      fprintf (stderr,
+               "expected timeout after about 200ms, not %" PRId64 "\n",
+               duration_ms);
+      abort ();
+   }
+
+   data->client_result->result = SSL_TEST_SUCCESS;
+
+   bson_destroy (&reply);
+   mongoc_client_destroy (client);
+   bson_free (uri_str);
+
+   return NULL;
+}
+
+
+static void
+test_mongoc_tls_handshake_stall (void)
+{
+   mongoc_ssl_opt_t sopt = { 0 };
+   mongoc_ssl_opt_t copt = { 0 };
+   ssl_test_result_t sr;
+   ssl_test_result_t cr;
+   ssl_test_data_t data = { 0 };
+   mongoc_thread_t threads[2];
+   int i, r;
+
+   sopt.pem_file = PEMFILE_NOPASS;
+   sopt.weak_cert_validation = 1;
+   copt.weak_cert_validation = 1;
+
+   data.server = &sopt;
+   data.client = &copt;
+   data.behavior = SSL_TEST_BEHAVIOR_STALL_BEFORE_HANDSHAKE;
+   data.handshake_stall_ms = 300;
+   data.server_result = &sr;
+   data.client_result = &cr;
+   data.host = "localhost";
+
+   mongoc_mutex_init (&data.cond_mutex);
+   mongoc_cond_init (&data.cond);
+
+   r = mongoc_thread_create (threads, &ssl_error_server, &data);
+   assert (r == 0);
+
+   r =
+      mongoc_thread_create (threads + 1, &handshake_stall_client, &data);
+   assert (r == 0);
+
+   for (i = 0; i < 2; i++) {
+      r = mongoc_thread_join (threads[i]);
+      assert (r == 0);
+   }
+
+   mongoc_mutex_destroy (&data.cond_mutex);
+   mongoc_cond_destroy (&data.cond);
+
+   ASSERT (cr.result == SSL_TEST_SUCCESS);
+   ASSERT (sr.result == SSL_TEST_SUCCESS);
+}
+
 void
-test_stream_tls_hangup_install (TestSuite *suite)
+test_stream_tls_error_install (TestSuite *suite)
 {
    TestSuite_Add (suite, "/TLS/hangup", test_mongoc_tls_hangup);
+   TestSuite_Add (suite, "/TLS/handshake_stall",
+                  test_mongoc_tls_handshake_stall);
 }