TclTLS
History Of Ticket 657abb4cd1
Login
HomeTimelineDownloadBrowse SourceBranchesTagsTicketsWiki
Check-ins Status Timeline

Artifacts Associated With Ticket 657abb4cd1

  1. Ticket change [01f98a177b] (rid 1342) by anonymous on 2018-03-21 16:23:14:

    1. foundin initialized to: "1.7.16"
    2. icomment: 
      If a parent process opens a TLS socket prior to forking, and its child process closes it, this has the unfortunate side-effect of terminating the parent's connection.  With a non-TLS socket this does not happen, i.e., closing the parent's socket in the child has no effect on the parent.
<br><br>
If a fix for this is not implemented, could you please detail what code changes would be necessary to do so?  That way I can implement it myself without requiring it to be a feature for all users of this library.
    3. login: "anonymous"
    4. mimetype: "text/html"
    5. private_contact initialized to: "402047c59996d0e7bae134707a6f222ec0914675"
    6. severity initialized to: "Important"
    7. status initialized to: "Open"
    8. title initialized to: "TLS Socket Closed in Child Process"
    9. type initialized to: "Feature Request"

  2. Ticket change [35f8675f69] (rid 1343) by anonymous on 2018-03-21 17:49:16:

    1. icomment: 
      In tls.c, Tls_Clean, if I comment out the BIO_free_all call, this problem goes away.  However, will this cause a memory leak?  Is there some better way you can think of that I can handle this situation?  I would ideally like the option of closing the socket and freeing all OpenSSL structures but not sending a close notify.
    2. login: "anonymous"
    3. mimetype: "text/x-fossil-plain"
    4. priority changed to: "Immediate"
    5. resolution changed to: "Open"

  3. Ticket change [183ca4dc02] (rid 1475) by rkeene on 2019-11-14 01:11:32:

    1. icomment: 
      Probably the best solution is to enable "fast-path" during compilation, which
lets OpenSSL handle that part of the process for TCP sockets.  This will
eventually be made the default, it seems to be much better.
    2. login: "rkeene"
    3. mimetype: "text/x-fossil-plain"

  4. Ticket change [e4f8b328ed] (rid 4119) by bohagan on 2025-10-11 22:58:49:

    1. icomment: 
      Part of the confusion is TLS is not a socket connection, but a protocol on top of
it. So if the TLS session is "shutdown" in the child, it is no longer available in
the parent. However, the channel itself may remain available if tls::unimport is
used instead of close, but the TLS session is itself terminated. This assumes the
other end doesn't close the socket when it receives the close_notify.
    2. login: "bohagan"
    3. mimetype: "text/x-fossil-plain"
    4. resolution changed to: "Works_As_Designed"
    5. status changed to: "Closed"
Powered by Fossil · RSS