diff options
| author | Laurent Bercot <ska-skaware@skarnet.org> | 2020-12-07 12:53:54 +0000 |
|---|---|---|
| committer | Laurent Bercot <ska-skaware@skarnet.org> | 2020-12-07 12:53:54 +0000 |
| commit | f7e676abdc799fcee5138807447b5e91ab05508f (patch) | |
| tree | 8ae74c9bf26c3ffde8acd9330787ab2b80902bb0 /src/tls/s6-tlsd-io.c | |
| parent | 0de4e6e0703f47be954f4cfa37648dd58665c819 (diff) | |
| download | s6-networking-f7e676abdc799fcee5138807447b5e91ab05508f.tar.xz | |
Change -K semantics: timeout *during handshake*, not afterwards
- the TLS tunnel itself should be transparent so it has no business
shutting down the connection no matter how long the app takes
- there's still an undetectable situation on some kernels where
EOF doesn't get transmitted from the network, and the engine is in
the handshake, and it can't do anything but wait forever. A timeout
is useful here: dawg, your peer is never going to send any more data,
you should just give up.
- if the situation happens after the handshake, the *app* should
have a timeout and die. The tunnel will follow suit.
- libtls has a blocking tls_handshake() blackbox, we cannot give it
a timeout. Too bad, use bearssl.
Diffstat (limited to 'src/tls/s6-tlsd-io.c')
| -rw-r--r-- | src/tls/s6-tlsd-io.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/tls/s6-tlsd-io.c b/src/tls/s6-tlsd-io.c index 75bd1e4..b6621dd 100644 --- a/src/tls/s6-tlsd-io.c +++ b/src/tls/s6-tlsd-io.c @@ -31,7 +31,8 @@ static inline void doit (int *fds, tain_t const *tto, uint32_t preoptions, uint3 strerr_diefu1sys(111, "write post-handshake data") ; fd_close(notif) ; } - stls_run(ctx, fds, tto, options, verbosity) ; + (void)tto ; + stls_run(ctx, fds, options, verbosity) ; } #else |