[Vortex] TLS Failure Segfault

Francis Brosnan Blázquez francis at aspl.es
Mon May 28 20:50:18 CEST 2012

Hi Jason,

> When utilizing vortex_tls_set_auto_tls and then vortex_connection_new,
> should the connection returned be the newly created TLS attempted
> connection?  It appears we are receiving the original, non-TLS,
> connection back.

Ok, it depends on where the failure happens. It if is before TLS BEEP
handshake finishes (request for tuning reset), then the original
connection is returned. If it during the TLS handshake it self, then the
new connection is returned. 

But if it happens after these both steps (greetings not accepted after
TLS is running), in such case, the new connection is returned too.

In all these cases, vortex_connection_is_ok (conn, axl_true/axl_false)
should work without problem :-?

In your case, where happens the problem?

Are you allowing tls failures (allow_tls_failures param) at

> > 2) The patch proposes to move the unref code until the end, but that
> >   will cause leaks due to all wrong branches before (wrong
> greetings,  
> >   TLS handshake failure, ....) where the reference is not finished.
> My apologies, upon closer inspection of the valgrind output it does
> appear that when segfaulting and my patch have the same memory leaks.
> This appears to be due to the TLS connection being lost.
> > Just a question about your description. What's the connection being
> > checked with vortex_connection_is_ok (conn, axl_true) after tls
> failure?
> > The one returned by the tls activation or the starting connection?
> > 
> > You must forget about the starting connection when you call to
> activate
> > TLS because that function may replace your reference, even after
> failure
> > (something may go wrong after TLS finished right, for example BEEP
> > session doesn't agree)....
> How should the connection be checked?  

Using vortex_connection_is_ok, without exception.

> Rather, how should the new, failed, TLS connection be acquired?  I
> cannot seem to locate a method that will retrieve the failed TLS
> connection that has been created.  When the TLS connection succeeds,
> the connection returned is the TLS-ificated connection, but not when
> it fails.

In both cases you get the connection that replaces the old, so there is
no specific method to get the connection when a failure happens. 

The case you describe is covered by several reg tests, especially
test-05-a [1], that's why I don't see how you get a wrong reference
connection on failure.

Maybe you can provide a valgrind trace showing relevant information or a
test case to reproduce the problem...

Best Regards,

[1] https://dolphin.aspl.es/svn/publico/af-arch/trunk/libvortex-1.1/test/vortex-regression-client.c

> Thank you!
> Jason

More information about the Vortex mailing list