forked from lda/telodendria
Fix strange behavior in TlsLibreSSL.
tls_read() and tls_write() may return TLS_WANT_POLLIN or TLS_WANT_POLLOUT if data isn't ready to be read or written yet. We have to account for this by converting it to EAGAIN, which is how a typical read() or write() function should behave. Also installed a SIGPIPE handler; we do not want to be terminated by SIGPIPE, and it's safe to ignore this signal because it should be handled thoroughly in the code.
This commit is contained in:
parent
2441f07848
commit
e13442c122
4 changed files with 67 additions and 29 deletions
|
@ -10,6 +10,13 @@
|
|||
{
|
||||
"port": 8008,
|
||||
"tls": false
|
||||
},
|
||||
{
|
||||
"port": 8448,
|
||||
"tls": {
|
||||
"cert": "telodendria.crt",
|
||||
"key": "telodendria.key"
|
||||
}
|
||||
}
|
||||
],
|
||||
"registration": true,
|
||||
|
|
50
src/Main.c
50
src/Main.c
|
@ -48,22 +48,26 @@
|
|||
static Array *httpServers = NULL;
|
||||
|
||||
static void
|
||||
TelodendriaSignalHandler(int signalNo)
|
||||
TelodendriaSignalHandler(int signal)
|
||||
{
|
||||
size_t i;
|
||||
|
||||
(void) signalNo;
|
||||
|
||||
if (!httpServers)
|
||||
switch (signal)
|
||||
{
|
||||
return;
|
||||
}
|
||||
case SIGPIPE:
|
||||
return;
|
||||
case SIGINT:
|
||||
if (!httpServers)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
for (i = 0; i < ArraySize(httpServers); i++)
|
||||
{
|
||||
HttpServer *server = ArrayGet(httpServers, i);
|
||||
|
||||
HttpServerStop(server);
|
||||
for (i = 0; i < ArraySize(httpServers); i++)
|
||||
{
|
||||
HttpServer *server = ArrayGet(httpServers, i);
|
||||
HttpServerStop(server);
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -478,17 +482,23 @@ main(int argc, char **argv)
|
|||
sigfillset(&sigAction.sa_mask);
|
||||
sigAction.sa_flags = SA_RESTART;
|
||||
|
||||
if (sigaction(SIGINT, &sigAction, NULL) < 0)
|
||||
{
|
||||
Log(LOG_ERR, "Unable to install signal handler.");
|
||||
exit = EXIT_FAILURE;
|
||||
goto finish;
|
||||
}
|
||||
else
|
||||
{
|
||||
Log(LOG_DEBUG, "Installed SIGINT signal handler.");
|
||||
#define SIGACTION(sig, act, oact) \
|
||||
if (sigaction(sig, act, oact) < 0) \
|
||||
{ \
|
||||
Log(LOG_ERR, "Unable to install signal handler: %s", #sig); \
|
||||
exit = EXIT_FAILURE; \
|
||||
goto finish; \
|
||||
} \
|
||||
else \
|
||||
{ \
|
||||
Log(LOG_DEBUG, "Installed signal handler: %s", #sig); \
|
||||
}
|
||||
|
||||
SIGACTION(SIGINT, &sigAction, NULL);
|
||||
SIGACTION(SIGPIPE, &sigAction, NULL);
|
||||
|
||||
#undef SIGACTION
|
||||
|
||||
/* Block this thread until the servers are terminated by a signal
|
||||
* handler */
|
||||
for (i = 0; i < ArraySize(httpServers); i++)
|
||||
|
|
|
@ -28,6 +28,8 @@
|
|||
#include <Memory.h>
|
||||
#include <Log.h>
|
||||
|
||||
#include <errno.h>
|
||||
|
||||
#include <tls.h> /* LibreSSL TLS */
|
||||
|
||||
typedef struct LibreSSLCookie
|
||||
|
@ -74,6 +76,11 @@ TlsInitClient(int fd, const char *serverName)
|
|||
goto error;
|
||||
}
|
||||
|
||||
if (tls_handshake(cookie->ctx) == -1)
|
||||
{
|
||||
goto error;
|
||||
}
|
||||
|
||||
return cookie;
|
||||
|
||||
error:
|
||||
|
@ -119,25 +126,26 @@ TlsInitServer(int fd, const char *crt, const char *key)
|
|||
|
||||
if (tls_config_set_cert_file(cookie->cfg, crt) == -1)
|
||||
{
|
||||
Log(LOG_ERR, "Error with certificate file.");
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (tls_config_set_key_file(cookie->cfg, key) == -1)
|
||||
{
|
||||
Log(LOG_ERR, "Error with key file.");
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (tls_configure(cookie->ctx, cookie->cfg) == -1)
|
||||
{
|
||||
Log(LOG_ERR, "Error configuring context.");
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (tls_accept_socket(cookie->ctx, &cookie->cctx, fd) == -1)
|
||||
if (tls_accept_fds(cookie->ctx, &cookie->cctx, fd, fd) == -1)
|
||||
{
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (tls_handshake(cookie->cctx) == -1)
|
||||
{
|
||||
Log(LOG_ERR, "Error accepting socket.");
|
||||
goto error;
|
||||
}
|
||||
|
||||
|
@ -177,11 +185,17 @@ ssize_t
|
|||
TlsRead(void *cookie, void *buf, size_t nBytes)
|
||||
{
|
||||
LibreSSLCookie *tls = cookie;
|
||||
ssize_t ret = tls_read(tls->cctx ? tls->cctx : tls->ctx, buf, nBytes);
|
||||
struct tls *ctx = tls->cctx ? tls->cctx : tls->ctx;
|
||||
ssize_t ret = tls_read(ctx, buf, nBytes);
|
||||
|
||||
if (ret == -1)
|
||||
{
|
||||
Log(LOG_ERR, "TlsRead(): %s", tls_error(tls->cctx ? tls->cctx : tls->ctx));
|
||||
errno = EIO;
|
||||
}
|
||||
else if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT)
|
||||
{
|
||||
errno = EAGAIN;
|
||||
ret = -1;
|
||||
}
|
||||
|
||||
return ret;
|
||||
|
@ -191,11 +205,17 @@ ssize_t
|
|||
TlsWrite(void *cookie, void *buf, size_t nBytes)
|
||||
{
|
||||
LibreSSLCookie *tls = cookie;
|
||||
ssize_t ret = tls_write(tls->cctx ? tls->cctx : tls->ctx, buf, nBytes);
|
||||
struct tls *ctx = tls->cctx ? tls->cctx : tls->ctx;
|
||||
ssize_t ret = tls_write(ctx, buf, nBytes);
|
||||
|
||||
if (ret == -1)
|
||||
{
|
||||
Log(LOG_ERR, "TlsWrite(): %s", tls_error(tls->cctx ? tls->cctx : tls->ctx));
|
||||
errno = EIO;
|
||||
}
|
||||
else if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT)
|
||||
{
|
||||
errno = EAGAIN;
|
||||
ret = -1;
|
||||
}
|
||||
|
||||
return ret;
|
||||
|
|
|
@ -55,6 +55,7 @@ MAIN="Main"
|
|||
|
||||
if [ "$DEBUG" = "1" ]; then
|
||||
CFLAGS="$CFLAGS -O0 -g"
|
||||
LDFLAGS="-lm -pthread ${TLS_LIBS}"
|
||||
PROG="$PROG-debug"
|
||||
fi
|
||||
|
||||
|
|
Loading…
Reference in a new issue