
fix: ssl iostream used to return errors without setting them via diag_set (V2)

Summary

  • fix: ssl iostream used to return errors without setting them via diag_set

ssl-luatest/replication_test.lua used to fail because there was no error set in diag. Actually, the error was set, but in another fiber. The erroneous scenario was as follows:

  1. A fatal error occurs in one fiber, this fiber poisons iostream with SSL_IOSTREAM_POISON flag and reports the error using diag_set. This operation fails with an error reported.
  2. Another fiber starts a new operation and discovers that SSL_IOSTREAM_POISON is set, so it returns IOSTREAM_ERROR early. However, the error was set only in another fiber, not in this one (errors are fiber local), so diag_raise fails on the assertion.

This commit resolves this problem by removing poisoning logic. If a fatal error occurred, further errors will be reported by openssl, not due to the flag. It also adds a new flag SSL_SHUTDOWN_MUST_NOT_BE_CALLED, whose purpose is described in its comment.

Note that the same strategy is used in rust-openssl: https://github.com/sfackler/rust-openssl/issues/2334

Closes picodata#890.

NO_DOC=internal NO_TEST=internal NO_CHANGELOG=internal

Docs follow-up: not necessary
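
The two-fiber scenario from the description above, as a simplified C model added here for illustration; it is not code from this merge request or from the project. All names (`struct fiber`, `struct stream`, `lib_write`, `write_poisoning`, `write_reporting`) are hypothetical, and `lib_write` is an assumed stand-in for a TLS library call that keeps failing once the connection is broken.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified model; every name here is hypothetical, not the project's API. */
struct fiber { const char *diag; };            /* fiber-local last error */
struct stream { bool broken; bool poisoned; }; /* broken: transport is dead */
enum { IO_OK = 0, IO_ERROR = -1 };

/* Stand-in for the TLS library call: fails on every call once broken. */
static int lib_write(const struct stream *s) { return s->broken ? -1 : 0; }

/* Before: poison the stream on a fatal error, short-circuit later calls. */
static int write_poisoning(struct fiber *f, struct stream *s)
{
	if (s->poisoned)
		return IO_ERROR; /* bug: the calling fiber's diag stays empty */
	if (lib_write(s) != 0) {
		s->poisoned = true;
		f->diag = "ssl write failed";
		return IO_ERROR;
	}
	return IO_OK;
}

/* After: no poison flag; each failing call reports in the calling fiber. */
static int write_reporting(struct fiber *f, struct stream *s)
{
	if (lib_write(s) != 0) {
		f->diag = "ssl write failed";
		return IO_ERROR;
	}
	return IO_OK;
}

/* Two fibers share one broken stream; true if fiber B's error has a diag. */
static bool second_fiber_has_diag(int (*op)(struct fiber *, struct stream *))
{
	struct fiber a = { NULL }, b = { NULL };
	struct stream s = { .broken = true, .poisoned = false };
	op(&a, &s);          /* fiber A hits the fatal error first */
	int rc = op(&b, &s); /* fiber B starts a new operation */
	return rc == IO_ERROR && b.diag != NULL;
}

int main(void)
{
	/* Exit 0 when only the poisoning variant leaves fiber B without a diag. */
	return (!second_fiber_has_diag(write_poisoning) &&
		second_fiber_has_diag(write_reporting)) ? 0 : 1;
}
```

In the poisoning variant fiber B gets an error return with nothing in its own diag, which is the state that trips the assertion described in step 2.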
