authorLinus Nordberg <linus@nordberg.se>2014-03-31 15:15:24 +0200
committerLinus Nordberg <linus@nordberg.se>2014-03-31 15:19:37 +0200
commit6a090252b1188f06379c20b45a25d878e517a31f (patch)
tree2b4a7c1af5c7aeab7caa829ca529086d17082e39
parentc11c725bb7f01311a314bce5c4840de4d1a02923 (diff)
Emit an error log line if client writer fails writing (SSL_write()).t46
Also, don't try to write zero octets because OpenSSL might not like that. I would like to close the connection too, but I would have to look into the UDP and DTLS cases more before that can be done. This is for figuring out more about how to treat SSL_write() errors, https://project.nordu.net/browse/RADSECPROXY-46.
-rw-r--r--radsecproxy.c9
-rw-r--r--tls.c7
2 files changed, 14 insertions, 2 deletions
diff --git a/radsecproxy.c b/radsecproxy.c
index b7b2063..f972d89 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -1887,6 +1887,8 @@ void *clientwr(void *arg) {
pthread_mutex_unlock(&server->newrq_mutex);
for (i = 0; i < MAX_REQUESTS; i++) {
+ int ret;
+
if (server->clientrdgone) {
pthread_join(clientrdth, NULL);
goto errexit;
@@ -1935,8 +1937,13 @@ void *clientwr(void *arg) {
if (!timeout.tv_sec || rqout->expiry.tv_sec < timeout.tv_sec)
timeout.tv_sec = rqout->expiry.tv_sec;
rqout->tries++;
- conf->pdef->clientradput(server, rqout->rq->buf);
+ ret = conf->pdef->clientradput(server, rqout->rq->buf);
pthread_mutex_unlock(rqout->lock);
+ if (ret < 0) {
+ debug(DBG_ERR, "%s: unexpected SSL_write: ret=%d, error=%d "
+ "while talking to %s", __func__, ret,
+ SSL_get_error(server->ssl, ret), conf->name);
+ }
}
if (conf->statusserver && server->connectionok) {
secs = server->lastrcv.tv_sec > laststatsrv.tv_sec ? server->lastrcv.tv_sec : laststatsrv.tv_sec;
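Review bot: The `SSL_get_error(server->ssl, ret)` call in the new `if (ret < 0)` block runs after `clientradputtls` has already emptied the OpenSSL error queue with its `while ((error = ERR_get_error()))` loop, and SSL_get_error() consults that queue, so the logged error code may be misclassified. The call also sits in transport-generic code: `conf->pdef->clientradput` is an indirect call, and whether `server->ssl` is valid for the non-TLS transports is not visible here. I would capture the code in tls.c directly after the failed write and before the queue is drained, e.g. `int sslerr = SSL_get_error(server->ssl, cnt);`, log it there, and keep the message in clientwr transport-neutral. Note too that `ret < 0` skips a return of 0, which SSL_write() also uses to report failure and which `clientradputtls` now returns for that case as well as for "not connected" and "zero length". clientwr's body starts and ends outside this hunk.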
diff --git a/tls.c b/tls.c
index 28c3ec3..efaf263 100644
--- a/tls.c
+++ b/tls.c
@@ -254,10 +254,15 @@ int clientradputtls(struct server *server, unsigned char *rad) {
if (!server->connectionok)
return 0;
len = RADLEN(rad);
+ if (len == 0) {
+ debug(DBG_ERR, "%s: refusing to write 0 octets to %s",
+ __func__, conf->name);
+ return 0;
+ }
if ((cnt = SSL_write(server->ssl, rad, len)) <= 0) {
while ((error = ERR_get_error()))
debug(DBG_ERR, "clientradputtls: TLS: %s", ERR_error_string(error, NULL));
- return 0;
+ return cnt;
}
debug(DBG_DBG, "clientradputtls: Sent %d bytes, Radius packet of length %d to TLS peer %s", cnt, len, conf->name);