summaryrefslogtreecommitdiff
path: root/src/sbearssl/sbearssl_s6tlsc.c
diff options
context:
space:
mode:
authorLaurent Bercot <ska-skaware@skarnet.org>2017-03-22 21:37:30 +0000
committerLaurent Bercot <ska-skaware@skarnet.org>2017-03-22 21:37:30 +0000
commitdddbfab568d42e443f102d35c84432824cc59fee (patch)
tree4983b1f5b44f861a3abc60ba7d47476820fcbb2f /src/sbearssl/sbearssl_s6tlsc.c
parent6278e21405c40df65f8de6a9799576d1eb346164 (diff)
downloads6-networking-dddbfab568d42e443f102d35c84432824cc59fee.tar.xz
Fix case where s6-tls[cd] would sometimes not detect an application and remain there forever with its zombie, both condemned to err in limbo for all eternity, the living and the dead, hand in hand
Diffstat (limited to 'src/sbearssl/sbearssl_s6tlsc.c')
-rw-r--r--src/sbearssl/sbearssl_s6tlsc.c29
1 files changed, 10 insertions, 19 deletions
diff --git a/src/sbearssl/sbearssl_s6tlsc.c b/src/sbearssl/sbearssl_s6tlsc.c
index e01e25e..267d79c 100644
--- a/src/sbearssl/sbearssl_s6tlsc.c
+++ b/src/sbearssl/sbearssl_s6tlsc.c
@@ -14,10 +14,11 @@
int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t const *tto, uint32_t preoptions, uint32_t options, uid_t uid, gid_t gid, unsigned int verbosity, char const *servername, int *sfd)
{
- int fds[4] = { sfd[0], sfd[1], sfd[0], sfd[1] } ;
+ int fds[5] = { sfd[0], sfd[1], sfd[0], sfd[1] } ;
stralloc storage = STRALLOC_ZERO ;
genalloc tas = GENALLOC_ZERO ;
size_t talen ;
+ pid_t pid ;
if (preoptions & 1)
strerr_dief1x(100, "client certificates are not supported yet") ;
@@ -44,31 +45,26 @@ int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t co
strerr_dief2x(96, "no trust anchor found in ", x) ;
}
+ if (!random_init()) strerr_diefu1sys(111, "initialize random generator") ;
+
+ pid = sbearssl_prep_spawn_drop(argv, envp, fds, uid, gid, !!(preoptions & 2)) ;
+
{
unsigned char buf[BR_SSL_BUFSIZE_BIDI] ;
br_x509_minimal_context xc ;
br_ssl_client_context cc ;
br_x509_trust_anchor btas[talen] ;
size_t i = talen ;
- pid_t pid ;
+ int wstat ;
stralloc_shrink(&storage) ;
while (i--)
sbearssl_ta_to(genalloc_s(sbearssl_ta, &tas) + i, btas + i, storage.s) ;
genalloc_free(sbearssl_ta, &tas) ;
-
br_ssl_client_init_full(&cc, &xc, btas, talen) ;
-
- if (!random_init())
- strerr_diefu1sys(111, "initialize random generator") ;
random_string((char *)buf, 32) ;
br_ssl_engine_inject_entropy(&cc.eng, buf, 32) ;
random_finish() ;
-
- pid = sbearssl_clean_tls_and_spawn(argv, envp, fds, !!(preoptions & 2)) ;
- if (gid && setgid(gid) < 0) strerr_diefu1sys(111, "setgid") ;
- if (uid && setuid(uid) < 0) strerr_diefu1sys(111, "setuid") ;
-
br_ssl_engine_set_buffer(&cc.eng, buf, sizeof(buf), 1) ;
if (!br_ssl_client_reset(&cc, servername, 0))
strerr_diefu2x(97, "reset client context: ", sbearssl_error_str(br_ssl_engine_last_error(&cc.eng))) ;
@@ -76,13 +72,8 @@ int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t co
if (!sbearssl_x509_minimal_set_tain(&xc, &STAMP))
strerr_diefu1sys(111, "initialize validation time") ;
- {
- int wstat ;
- int r = sbearssl_run(&cc.eng, fds, verbosity, options, tto) ;
- if (r < 0) strerr_diefu1sys(111, "run SSL engine") ;
- else if (r) strerr_diefu2x(98, "establish or maintain SSL connection to peer: ", sbearssl_error_str(r)) ;
- if (wait_pid(pid, &wstat) < 0) strerr_diefu1sys(111, "wait_pid") ;
- return wait_estatus(wstat) ;
- }
+ wstat = sbearssl_run(&cc.eng, fds, pid, verbosity, options, tto) ;
+ if (wstat < 0 && wait_pid(pid, &wstat) < 0) strerr_diefu1sys(111, "wait_pid") ;
+ return wait_estatus(wstat) ;
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-10 22:17:29 +0000