author | Laurent Bercot <ska-skaware@skarnet.org> | 2020-12-07 12:53:54 +0000 |
---|---|---|
committer | Laurent Bercot <ska-skaware@skarnet.org> | 2020-12-07 12:53:54 +0000 |
commit | f7e676abdc799fcee5138807447b5e91ab05508f (patch) | |
tree | 8ae74c9bf26c3ffde8acd9330787ab2b80902bb0 /src/sbearssl/sbearssl_run.c | |
parent | 0de4e6e0703f47be954f4cfa37648dd58665c819 (diff) | |
download | s6-networking-f7e676abdc799fcee5138807447b5e91ab05508f.tar.xz |
Change -K semantics: timeout *during handshake*, not afterwards
- the TLS tunnel itself should be transparent so it has no business
shutting down the connection no matter how long the app takes
- there's still an undetectable situation on some kernels where
EOF doesn't get transmitted from the network, and the engine is in
the handshake, and it can't do anything but wait forever. A timeout
is useful here: dawg, your peer is never going to send any more data,
you should just give up.
- if the situation happens after the handshake, the *app* should
have a timeout and die. The tunnel will follow suit.
- libtls has a blocking tls_handshake() blackbox, we cannot give it
a timeout. Too bad, use bearssl.
Diffstat (limited to 'src/sbearssl/sbearssl_run.c')
-rw-r--r-- | src/sbearssl/sbearssl_run.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/src/sbearssl/sbearssl_run.c b/src/sbearssl/sbearssl_run.c
index 6a350a9..e097698 100644
--- a/src/sbearssl/sbearssl_run.c
+++ b/src/sbearssl/sbearssl_run.c
@@ -29,7 +29,7 @@ void sbearssl_run (br_ssl_engine_context *ctx, int *fds, tain_t const *tto, uint
   for (;;)
   {
-    tain_t deadline ;
+    tain_t deadline = tain_infinite_relative ;
     unsigned int j = 0 ;
     unsigned int state = br_ssl_engine_current_state(ctx) ;
     int r ;
@@ -76,9 +76,13 @@ void sbearssl_run (br_ssl_engine_context *ctx, int *fds, tain_t const *tto, uint
     }
     else xindex[3] = 4 ;
-    if ((xindex[0] == 4 && xindex[1] == 4 && xindex[3] == 4 && handshake_done) || !j) break ;
+    if (xindex[0] == 4 && xindex[1] == 4 && xindex[3] == 4)
+    {
+      if (!j || handshake_done) break ;
+      deadline = *tto ;
+    }
-    tain_add_g(&deadline, fds[0] >= 0 && fds[2] >= 0 && state & (BR_SSL_SENDAPP | BR_SSL_RECVREC) ? tto : &tain_infinite_relative) ;
+    tain_add_g(&deadline, &deadline) ;
     r = iopause_g(x, j, &deadline) ;
     if (r < 0) strerr_diefu1sys(111, "iopause") ;
     else if (!r) break ; |
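Review bot: The -K deadline in the second hunk is re-armed on every loop iteration (`deadline` is declared inside `for (;;)`, set to `*tto`, then made absolute by `tain_add_g(&deadline, &deadline)` — presumably now + deadline), so it bounds idle time per `iopause_g` call rather than the total handshake duration the commit message describes; a slow peer that keeps trickling handshake bytes never trips it. If a hard cap on the handshake is intended, compute the absolute deadline once before the loop and reuse it instead of recomputing it each pass. The arming condition also fires only when xindex[0], xindex[1] and xindex[3] are all 4 (apparently: only the remaining descriptor is being polled — not confirmable from the hunk), so a handshake stalled on another descriptor would still wait without limit. A comment on the `deadline = *tto ;` line stating which wait the timeout covers, e.g. `/* handshake still in progress and only waiting on the peer: arm the -K inactivity timeout */`, would make the new semantics explicit, and the self-aliasing `tain_add_g(&deadline, &deadline)` call deserves a note that it relies on tain_add_g tolerating destination == operand. sbearssl_run continues outside both hunks, and whether `state` (still computed in the first hunk) remains used elsewhere cannot be seen here.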