[omniORB-dev] OO 4.0.5 SSL shutdown deadlock & patch

[Jonathan Biggar]

I've found that in some circumstances with a heavy load of establishing 
and tearing down SSL connections, an omniORB server can deadlock in 
orb->shutdown().

The problem is that sslEndpoint::Poke calls sslAddress::Connect while 
holding giopServer::pd_lock, but giopServer::notifyRzNewConnection wants 
to acquire the lock.  In some timing circumstances, this can happen 
before the SSL handshake is completed, so sslAddress::Connect is still 
sycnronously blocked waiting for SSL_Connect to return.

The *correct* solution to this problem would be to make both the client 
and server side SSL processing handle the SSL handshake asynchronously 
after the TCP connection has been established, but that's a bit more 
than I wanted to fix.

Here's a patch that works around the problem by making sslEndpoint::Poke 
set a timeout on the call to sslAddress::Connect.  If the timeout 
happens, you'll get the error message "Warning: Fail to connect to 
myself", but that's far better than a deadlock.

--- omniORB-4.0.5/src/lib/omniORB/orbcore/ssl/sslEndpoint.cc.orig 
2005-04-08 13:37:50.000000000 -0700
+++ omniORB-4.0.5/src/lib/omniORB/orbcore/ssl/sslEndpoint.cc 
2005-04-08 13:37:58.000000000 -0700
@@ -329,7 +329,7 @@

    sslAddress* target = new sslAddress(pd_address,pd_ctx);
    giopActiveConnection* conn;
-  if ((conn = target->Connect()) == 0) {
+  if ((conn = target->Connect(1)) == 0) {
      if (omniORB::trace(1)) {
        omniORB::logger log;
        log << "Warning: Fail to connect to myself ("

-- 
Jon Biggar
Levanta
jon at levanta.com