diff options
| author | Laurent Bercot <ska-skaware@skarnet.org> | 2020-12-07 12:53:54 +0000 |
|---|---|---|
| committer | Laurent Bercot <ska-skaware@skarnet.org> | 2020-12-07 12:53:54 +0000 |
| commit | f7e676abdc799fcee5138807447b5e91ab05508f (patch) | |
| tree | 8ae74c9bf26c3ffde8acd9330787ab2b80902bb0 /src/stls | |
| parent | 0de4e6e0703f47be954f4cfa37648dd58665c819 (diff) | |
| download | s6-networking-f7e676abdc799fcee5138807447b5e91ab05508f.tar.xz | |
Change -K semantics: timeout *during handshake*, not afterwards
- the TLS tunnel itself should be transparent so it has no business
shutting down the connection no matter how long the app takes
- there's still an undetectable situation on some kernels where
EOF doesn't get transmitted from the network, and the engine is in
the handshake, and it can't do anything but wait forever. A timeout
is useful here: dawg, your peer is never going to send any more data,
you should just give up.
- if the situation happens after the handshake, the *app* should
have a timeout and die. The tunnel will follow suit.
- libtls has a blocking tls_handshake() blackbox, we cannot give it
a timeout. Too bad, use bearssl.
Diffstat (limited to 'src/stls')
| -rw-r--r-- | src/stls/stls_run.c | 8 |
1 files changed, 2 insertions, 6 deletions
diff --git a/src/stls/stls_run.c b/src/stls/stls_run.c index e8305bf..559ebe9 100644 --- a/src/stls/stls_run.c +++ b/src/stls/stls_run.c @@ -9,7 +9,6 @@ #include <skalibs/error.h> #include <skalibs/buffer.h> #include <skalibs/strerr2.h> -#include <skalibs/tai.h> #include <skalibs/iopause.h> #include <skalibs/djbunix.h> @@ -112,7 +111,7 @@ static void closeit (struct tls *ctx, int *fds, int brutal) fd_close(fds[3]) ; fds[3] = -1 ; } -void stls_run (struct tls *ctx, int *fds, tain_t const *tto, uint32_t options, unsigned int verbosity) +void stls_run (struct tls *ctx, int *fds, uint32_t options, unsigned int verbosity) { tlsbuf_t b[2] = { { .blockedonother = 0 }, { .blockedonother = 0 } } ; iopause_fd x[4] ; @@ -129,12 +128,9 @@ void stls_run (struct tls *ctx, int *fds, tain_t const *tto, uint32_t options, u for (;;) { - tain_t deadline ; unsigned int j = 0 ; int r ; - tain_add_g(&deadline, fds[0] >= 0 && fds[2] >= 0 && buffer_isempty(&b[0].b) && buffer_isempty(&b[1].b) ? tto : &tain_infinite_relative) ; - /* poll() preparation */ @@ -175,7 +171,7 @@ void stls_run (struct tls *ctx, int *fds, tain_t const *tto, uint32_t options, u /* poll() */ - r = iopause_g(x, j, &deadline) ; + r = iopause_g(x, j, 0) ; if (r < 0) strerr_diefu1sys(111, "iopause") ; else if (!r) break ; |