forked from lda/telodendria
Fix strange behavior in TlsLibreSSL.
tls_read() and tls_write() may return TLS_WANT_POLLIN or TLS_WANT_POLLOUT if data isn't ready to be read or written yet. We have to account for this by converting it to EAGAIN, which is how a typical read() or write() function should behave. Also installed a SIGPIPE handler; we do not want to be terminated by SIGPIPE, and it's safe to ignore this signal because it should be handled thoroughly in the code.
This commit is contained in:
parent
2441f07848
commit
e13442c122
4 changed files with 67 additions and 29 deletions
|
@ -10,6 +10,13 @@
|
||||||
{
|
{
|
||||||
"port": 8008,
|
"port": 8008,
|
||||||
"tls": false
|
"tls": false
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"port": 8448,
|
||||||
|
"tls": {
|
||||||
|
"cert": "telodendria.crt",
|
||||||
|
"key": "telodendria.key"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"registration": true,
|
"registration": true,
|
||||||
|
|
50
src/Main.c
50
src/Main.c
|
@ -48,22 +48,26 @@
|
||||||
static Array *httpServers = NULL;
|
static Array *httpServers = NULL;
|
||||||
|
|
||||||
static void
|
static void
|
||||||
TelodendriaSignalHandler(int signalNo)
|
TelodendriaSignalHandler(int signal)
|
||||||
{
|
{
|
||||||
size_t i;
|
size_t i;
|
||||||
|
|
||||||
(void) signalNo;
|
switch (signal)
|
||||||
|
|
||||||
if (!httpServers)
|
|
||||||
{
|
{
|
||||||
return;
|
case SIGPIPE:
|
||||||
}
|
return;
|
||||||
|
case SIGINT:
|
||||||
|
if (!httpServers)
|
||||||
|
{
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
for (i = 0; i < ArraySize(httpServers); i++)
|
for (i = 0; i < ArraySize(httpServers); i++)
|
||||||
{
|
{
|
||||||
HttpServer *server = ArrayGet(httpServers, i);
|
HttpServer *server = ArrayGet(httpServers, i);
|
||||||
|
HttpServerStop(server);
|
||||||
HttpServerStop(server);
|
}
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -478,17 +482,23 @@ main(int argc, char **argv)
|
||||||
sigfillset(&sigAction.sa_mask);
|
sigfillset(&sigAction.sa_mask);
|
||||||
sigAction.sa_flags = SA_RESTART;
|
sigAction.sa_flags = SA_RESTART;
|
||||||
|
|
||||||
if (sigaction(SIGINT, &sigAction, NULL) < 0)
|
#define SIGACTION(sig, act, oact) \
|
||||||
{
|
if (sigaction(sig, act, oact) < 0) \
|
||||||
Log(LOG_ERR, "Unable to install signal handler.");
|
{ \
|
||||||
exit = EXIT_FAILURE;
|
Log(LOG_ERR, "Unable to install signal handler: %s", #sig); \
|
||||||
goto finish;
|
exit = EXIT_FAILURE; \
|
||||||
}
|
goto finish; \
|
||||||
else
|
} \
|
||||||
{
|
else \
|
||||||
Log(LOG_DEBUG, "Installed SIGINT signal handler.");
|
{ \
|
||||||
|
Log(LOG_DEBUG, "Installed signal handler: %s", #sig); \
|
||||||
}
|
}
|
||||||
|
|
||||||
|
SIGACTION(SIGINT, &sigAction, NULL);
|
||||||
|
SIGACTION(SIGPIPE, &sigAction, NULL);
|
||||||
|
|
||||||
|
#undef SIGACTION
|
||||||
|
|
||||||
/* Block this thread until the servers are terminated by a signal
|
/* Block this thread until the servers are terminated by a signal
|
||||||
* handler */
|
* handler */
|
||||||
for (i = 0; i < ArraySize(httpServers); i++)
|
for (i = 0; i < ArraySize(httpServers); i++)
|
||||||
|
|
|
@ -28,6 +28,8 @@
|
||||||
#include <Memory.h>
|
#include <Memory.h>
|
||||||
#include <Log.h>
|
#include <Log.h>
|
||||||
|
|
||||||
|
#include <errno.h>
|
||||||
|
|
||||||
#include <tls.h> /* LibreSSL TLS */
|
#include <tls.h> /* LibreSSL TLS */
|
||||||
|
|
||||||
typedef struct LibreSSLCookie
|
typedef struct LibreSSLCookie
|
||||||
|
@ -74,6 +76,11 @@ TlsInitClient(int fd, const char *serverName)
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (tls_handshake(cookie->ctx) == -1)
|
||||||
|
{
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
return cookie;
|
return cookie;
|
||||||
|
|
||||||
error:
|
error:
|
||||||
|
@ -119,25 +126,26 @@ TlsInitServer(int fd, const char *crt, const char *key)
|
||||||
|
|
||||||
if (tls_config_set_cert_file(cookie->cfg, crt) == -1)
|
if (tls_config_set_cert_file(cookie->cfg, crt) == -1)
|
||||||
{
|
{
|
||||||
Log(LOG_ERR, "Error with certificate file.");
|
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (tls_config_set_key_file(cookie->cfg, key) == -1)
|
if (tls_config_set_key_file(cookie->cfg, key) == -1)
|
||||||
{
|
{
|
||||||
Log(LOG_ERR, "Error with key file.");
|
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (tls_configure(cookie->ctx, cookie->cfg) == -1)
|
if (tls_configure(cookie->ctx, cookie->cfg) == -1)
|
||||||
{
|
{
|
||||||
Log(LOG_ERR, "Error configuring context.");
|
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (tls_accept_socket(cookie->ctx, &cookie->cctx, fd) == -1)
|
if (tls_accept_fds(cookie->ctx, &cookie->cctx, fd, fd) == -1)
|
||||||
|
{
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (tls_handshake(cookie->cctx) == -1)
|
||||||
{
|
{
|
||||||
Log(LOG_ERR, "Error accepting socket.");
|
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -177,11 +185,17 @@ ssize_t
|
||||||
TlsRead(void *cookie, void *buf, size_t nBytes)
|
TlsRead(void *cookie, void *buf, size_t nBytes)
|
||||||
{
|
{
|
||||||
LibreSSLCookie *tls = cookie;
|
LibreSSLCookie *tls = cookie;
|
||||||
ssize_t ret = tls_read(tls->cctx ? tls->cctx : tls->ctx, buf, nBytes);
|
struct tls *ctx = tls->cctx ? tls->cctx : tls->ctx;
|
||||||
|
ssize_t ret = tls_read(ctx, buf, nBytes);
|
||||||
|
|
||||||
if (ret == -1)
|
if (ret == -1)
|
||||||
{
|
{
|
||||||
Log(LOG_ERR, "TlsRead(): %s", tls_error(tls->cctx ? tls->cctx : tls->ctx));
|
errno = EIO;
|
||||||
|
}
|
||||||
|
else if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT)
|
||||||
|
{
|
||||||
|
errno = EAGAIN;
|
||||||
|
ret = -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
|
@ -191,11 +205,17 @@ ssize_t
|
||||||
TlsWrite(void *cookie, void *buf, size_t nBytes)
|
TlsWrite(void *cookie, void *buf, size_t nBytes)
|
||||||
{
|
{
|
||||||
LibreSSLCookie *tls = cookie;
|
LibreSSLCookie *tls = cookie;
|
||||||
ssize_t ret = tls_write(tls->cctx ? tls->cctx : tls->ctx, buf, nBytes);
|
struct tls *ctx = tls->cctx ? tls->cctx : tls->ctx;
|
||||||
|
ssize_t ret = tls_write(ctx, buf, nBytes);
|
||||||
|
|
||||||
if (ret == -1)
|
if (ret == -1)
|
||||||
{
|
{
|
||||||
Log(LOG_ERR, "TlsWrite(): %s", tls_error(tls->cctx ? tls->cctx : tls->ctx));
|
errno = EIO;
|
||||||
|
}
|
||||||
|
else if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT)
|
||||||
|
{
|
||||||
|
errno = EAGAIN;
|
||||||
|
ret = -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
|
|
|
@ -55,6 +55,7 @@ MAIN="Main"
|
||||||
|
|
||||||
if [ "$DEBUG" = "1" ]; then
|
if [ "$DEBUG" = "1" ]; then
|
||||||
CFLAGS="$CFLAGS -O0 -g"
|
CFLAGS="$CFLAGS -O0 -g"
|
||||||
|
LDFLAGS="-lm -pthread ${TLS_LIBS}"
|
||||||
PROG="$PROG-debug"
|
PROG="$PROG-debug"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue