We did take this in small steps. The only part that was removed from HTTP
was dealing with the OpenSSL context. Even then, HTTP creates its own
context and uses whatever parameters (typically the cert, CA, and key)
present in the global context. After that, all the code paths remained
the same. It seemed taking this approach was the safest as opposed to a
wholesale rewrite. Just one step at a time :-) Note that we did turn off
session caching as most people agreed it was of dubious and likely
dangerous value. I'm starting to think that for HTTP that might not have
been a good idea.

On Tue, 14 Jul 2020, Brian P Bockelman wrote:

> Thanks for the debugging @olifre !
>
> Indeed, between 4.x and 5.x, the TLS code supporting HTTP was completely rewritten. It went from direct calls in XrdHttp to OpenSSL to having `XrdHttp` invoke some shared code (`XrdTls`, also used by the `xrootd` protocol implementation) which then invokes OpenSSL.
>
> So, given the amount of new code, it's not particularly surprising this is 5.x specific -- and that probably is useful in narrowing down the source of the problem.
>
> There's some tricky locking required to enable concurrency. Could you do a thread dump when this occurs (`pstack $(pidof xrootd)` from the command line) and see if there's anything obviously stuck?
>
> --
> You are receiving this because you are subscribed to this thread.
> Reply to this email directly or view it on GitHub:
> https://github.com/xrootd/xrootd/issues/1252#issuecomment-658401808

