
Asio, SSL, and scalability - ingve
https://konradzemek.com/2015/08/16/asio-ssl-and-scalability/
======
viraptor
I'm so confused by his analysis:

> A look at engine::perform implementation in engine.ipp quickly shows us
> that... everything is fine.

Here's the beginning of perform():

    
    
        ::ERR_clear_error();
        int result = (this->*op)(data, length);
        int ssl_error = ::SSL_get_error(ssl_, result);
        int sys_error = static_cast<int>(::ERR_get_error());
    

So the lock contention is in SSL_get_error / ERR_get_error? I see a big
problem here - stop checking them on success!

    
    
        int result = (this->*op)(data, length);
        int ssl_error = SSL_ERROR_NONE;
        int sys_error = 0;
        if (result != 1) {
            ssl_error = ::SSL_get_error(ssl_, result);
            sys_error = static_cast<int>(::ERR_get_error());
            ::ERR_clear_error();
        }
    

The move of the error clearing to right after they're retrieved, may not be
completely right so the rest of the code needs to be checked. But the general
idea should eliminate the lock contention completely. (unless they deal with
mostly connection errors)

------
hannibalhorn
Are there that many situations where you can't just put a SSL proxy in front
of a standard HTTP server, and keep the application itself simpler?

If I were a sysadmin in charge of just keeping in-house applications running,
I'd really hate it if some SSL layer bug meant I had to figure out how to
recompile some custom application - especially one using boost! - not to
mention figuring out how to update certificates and that sort of thing.

~~~
KayEss
I also would tend to agree on this, if you're talking server sockets. With
client sockets this is still very relevant though.

------
cup
Not to be confused with Australian Security and Intelligence Organisation.

------
willvarfar
Arr you going to raise a ticket on libressl so they know to fix it?

------
zmanian
What's the name of the profiling tool from the examples?

~~~
pquerna
Instruments:

[https://developer.apple.com/library/mac/documentation/Develo...](https://developer.apple.com/library/mac/documentation/DeveloperTools/Conceptual/InstrumentsUserGuide/Introduction/Introduction.html)

Which for some features it just a fancy UI on top of dtrace, but still a good
way to get started with these kinds of things.

~~~
X-Istence
Fancy UI or not, it is an absolutely invaluable tool when profiling code on OS
X. The memory leak detector is really neat too, and has helped me numerous
times track down where I am leaking memory.

