author | Linus Nordberg <linus@nordberg.se> | 2014-03-31 15:15:24 +0200 |
---|---|---|
committer | Linus Nordberg <linus@nordberg.se> | 2014-03-31 15:19:37 +0200 |
commit | 6a090252b1188f06379c20b45a25d878e517a31f (patch) | |
tree | 2b4a7c1af5c7aeab7caa829ca529086d17082e39 | |
parent | c11c725bb7f01311a314bce5c4840de4d1a02923 (diff) |
Emit an error log line if client writer fails writing (SSL_write()).t46
Also, don't try to write zero number of octets because OpenSSL might
not like that.
I would like to close the connection too but would have to look into
the UDP and DTLS cases more before that can be done.
This is for figuring out more about how to treat SSL_write() errors,
https://project.nordu.net/browse/RADSECPROXY-46.
-rw-r--r-- | radsecproxy.c | 9 | ||||
-rw-r--r-- | tls.c | 7 |
2 files changed, 14 insertions, 2 deletions
diff --git a/radsecproxy.c b/radsecproxy.c
index b7b2063..f972d89 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -1887,6 +1887,8 @@ void *clientwr(void *arg) {
 pthread_mutex_unlock(&server->newrq_mutex);
 for (i = 0; i < MAX_REQUESTS; i++) {
+ int ret;
+
 if (server->clientrdgone) {
 pthread_join(clientrdth, NULL);
 goto errexit;
@@ -1935,8 +1937,13 @@ void *clientwr(void *arg) {
 if (!timeout.tv_sec || rqout->expiry.tv_sec < timeout.tv_sec)
 timeout.tv_sec = rqout->expiry.tv_sec;
 rqout->tries++;
- conf->pdef->clientradput(server, rqout->rq->buf);
+ ret = conf->pdef->clientradput(server, rqout->rq->buf);
 pthread_mutex_unlock(rqout->lock);
+ if (ret < 0) {
+ debug(DBG_ERR, "%s: unexpected SSL_write: ret=%d, error=%d "
+ "while talking to %s", __func__, ret,
+ SSL_get_error(server->ssl, ret), conf->name);
+ }
 }
 if (conf->statusserver && server->connectionok) {
 secs = server->lastrcv.tv_sec > laststatsrv.tv_sec ? server->lastrcv.tv_sec : laststatsrv.tv_sec;
@@ -254,10 +254,15 @@ int clientradputtls(struct server *server, unsigned char *rad) {
 if (!server->connectionok)
 return 0;
 len = RADLEN(rad);
+ if (len == 0) {
+ debug(DBG_ERR, "%s: refusing to write 0 octets to %s",
+ __func__, conf->name);
+ return 0;
+ }
 if ((cnt = SSL_write(server->ssl, rad, len)) <= 0) {
 while ((error = ERR_get_error()))
 debug(DBG_ERR, "clientradputtls: TLS: %s", ERR_error_string(error, NULL));
- return 0;
+ return cnt;
 }
 debug(DBG_DBG, "clientradputtls: Sent %d bytes, Radius packet of length %d to TLS peer %s", cnt, len, conf->name); |
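Review bot: The new `SSL_get_error(server->ssl, ret)` call in clientwr runs for whichever transport `conf->pdef->clientradput` points at, so for a non-TLS server entry `server->ssl` may not be a usable SSL object; the commit message itself says the UDP and DTLS cases have not been looked into yet. The call also happens after `rqout->lock` is released and after clientradputtls has emptied the error queue in its `ERR_get_error()` loop, while OpenSSL documents SSL_get_error as reliable only when it directly follows the I/O call in the same thread, so the logged `error=` value can misclassify the failure. I would read the error code inside clientradputtls straight after `SSL_write()` and keep this line transport-neutral, e.g. `debug(DBG_ERR, "%s: write to %s failed: ret=%d", __func__, conf->name, ret);`. clientwr's body starts and ends outside the hunk.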
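Review bot: `return cnt;` hands a failed `SSL_write()` result of 0 back as 0, the same value the not-connected path and the new zero-length refusal return, so the `ret < 0` test added in clientwr never reports that failure; `return cnt < 0 ? cnt : -1;` would keep every write failure negative. The `len == 0` guard also rejects only one malformed value: `len` appears to come from the length field inside the packet (`RADLEN(rad)`), and anything below the 20-octet RADIUS header is equally invalid, so `if (len < 20)` is the tighter check. Whether the buffer is already validated against that field where it is built cannot be seen from this hunk, and the end of clientradputtls is outside it as well.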