Avoid treating an OpenSSL error as a permanent error#4294
Merged
Emanuele Sabellico (emasab) merged 3 commits intomasterfrom Jun 14, 2023
Merged
Avoid treating an OpenSSL error as a permanent error#4294Emanuele Sabellico (emasab) merged 3 commits intomasterfrom
Emanuele Sabellico (emasab) merged 3 commits intomasterfrom
Conversation
Emanuele Sabellico (emasab)
force-pushed
the
dev_fix_4293_ssl_offset_reset
branch
2 times, most recently
from
b5e7c53 to
a0a5c15
Compare
doesn't cause an offset reset
and treat unclean SSL closes as normal ones fixes #4293
Emanuele Sabellico (emasab)
force-pushed
the
dev_fix_4293_ssl_offset_reset
branch
from
a0a5c15 to
cd32771
Compare
7 tasks
Contributor
Author
Pranav Rathi (pranavrth)
requested changes
Jun 12, 2023
7 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
and treat unclean SSL closes as normal ones.
When SSL connections are closed without
close_notify, in OpenSSL 3.x (librdkafka 2.0.2) a new type of error is set and it was interpreted as permanent in librdkafka. It can cause a different issue depending on the RPC. If received when waiting for OffsetForLeaderEpoch response (librdkafka 2.1.x), it triggers an offset reset following the configured policy. Solved by treating SSL errors as transport errors and by setting an OpenSSL flag that allows to treat unclean SSL closes as normal ones. These types of errors can happen it the other side doesn't supportclose_notifyor if there's a TCP connection reset.