Source-Changes-HG archive
[src/trunk]: src/usr.sbin/syslogd With TLSv1.3 a client has to receive and pr...
details: https://anonhg.NetBSD.org/src/rev/2ee2c5d975a3
branches: trunk
changeset: 1004327:2ee2c5d975a3
user: hannken <hannken%NetBSD.org@localhost>
date: Thu Oct 24 08:21:18 2019 +0000
description:
With TLSv1.3 a client has to receive and process metadata.
Update dispatch_tls_eof() to check for metadata and
rearm on success.
Ok: christos@
diffstat:
usr.sbin/syslogd/tls.c | 21 ++++++++++++++++++---
1 files changed, 18 insertions(+), 3 deletions(-)
diffs (54 lines):
diff -r a0b8859f72a9 -r 2ee2c5d975a3 usr.sbin/syslogd/tls.c
--- a/usr.sbin/syslogd/tls.c Thu Oct 24 03:37:58 2019 +0000
+++ b/usr.sbin/syslogd/tls.c Thu Oct 24 08:21:18 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: tls.c,v 1.16 2018/02/08 17:45:29 christos Exp $ */
+/* $NetBSD: tls.c,v 1.17 2019/10/24 08:21:18 hannken Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -45,7 +45,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: tls.c,v 1.16 2018/02/08 17:45:29 christos Exp $");
+__RCSID("$NetBSD: tls.c,v 1.17 2019/10/24 08:21:18 hannken Exp $");
#ifndef DISABLE_TLS
#include <sys/stat.h>
@@ -1450,7 +1450,7 @@
*
* I do not know if libevent can tell us the difference
* between available data and an EOF. But it does not matter
- * because there should not be any incoming data.
+ * because there should not be any incoming data beside metadata.
* So we close the connection either because the peer closed its
* side or because the peer broke the protocol by sending us stuff ;-)
*/
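Review bot: the rewritten sentence on the `+` line allows for incoming metadata, but the two sentences that follow it ("So we close the connection either because the peer closed its side or because the peer broke the protocol by sending us stuff") no longer describe the full behaviour of this handler: when only metadata arrives, the connection is kept open and the read event is rearmed rather than closed. Suggest finishing the comment so it matches, e.g. "... or because the peer broke the protocol by sending us application data. If only metadata arrived, we rearm the event and keep the connection."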
@@ -1460,11 +1460,26 @@
struct tls_conn_settings *conn_info = (struct tls_conn_settings *) arg;
sigset_t newmask, omask;
struct timeval tv;
+ int rc;
+ char buf[1];
BLOCK_SIGNALS(omask, newmask);
DPRINTF((D_TLS|D_EVENT|D_CALL), "dispatch_eof_tls(%d, %d, %p)\n",
fd, event, arg);
assert(conn_info->state == ST_TLS_EST);
+
+ /* First check for incoming metadata. */
+ ST_CHANGE(conn_info->state, ST_READING);
+ rc = SSL_read(conn_info->sslptr, buf, sizeof(buf));
+ ST_CHANGE(conn_info->state, ST_TLS_EST);
+ if (rc <= 0 && tls_examine_error("SSL_read()", conn_info->sslptr,
+ conn_info, rc) == TLS_RETRY_READ) {
+ /* Connection is still alive, rearm and return. */
+ EVENT_ADD(conn_info->event);
+ RESTORE_SIGNALS(omask);
+ return;
+ }
+
ST_CHANGE(conn_info->state, ST_EOF);
DEL_EVENT(conn_info->event);
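Review bot: the rearm condition `rc <= 0 && tls_examine_error(...) == TLS_RETRY_READ` treats only a read-retry as "connection still alive"; any other non-positive result from SSL_read() that is not a real EOF or fatal error (for instance a would-block-on-write while the library is processing post-handshake messages, if tls_examine_error() can report that) falls through to `ST_CHANGE(conn_info->state, ST_EOF)` and tears the connection down. If closing on every other outcome is intentional, say so in the comment; otherwise rearm on any retry result rather than on TLS_RETRY_READ alone. Two smaller points: a positive `rc` means one byte of application data was consumed into `buf` and silently discarded before the close, which is consistent with the comment above but deserves a DPRINTF so the protocol violation is visible in debug output; and the DPRINTF label "dispatch_eof_tls(%d, %d, %p)" does not match the name dispatch_tls_eof() used in the commit message, so one of the two should be aligned.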