authorLinus Nordberg <linus@nordberg.se>2014-03-31 14:39:44 +0200
committerLinus Nordberg <linus@nordberg.se>2014-03-31 15:03:36 +0200
commitc11c725bb7f01311a314bce5c4840de4d1a02923 (patch)
tree1d8c2236b0e0dde47a11c3f0c1b340183b9f8070 /tls.c
parentd22b2a2d3f0ff19568d4c1a2b08ad9d4dec374b9 (diff)
Close a server writer thread if SSL_write() fails.
Also, don't try to write zero octets, because OpenSSL might not like that. This is for figuring out more about how to treat SSL_write() errors; see https://project.nordu.net/browse/RADSECPROXY-46.
Diffstat (limited to 'tls.c')
-rw-r--r--tls.c16
1 files changed, 15 insertions, 1 deletions
diff --git a/tls.c b/tls.c
index 90c3dc9..28c3ec3 100644
--- a/tls.c
+++ b/tls.c
@@ -331,13 +331,27 @@ void *tlsserverwr(void *arg) {
}
reply = (struct request *)list_shift(replyq->entries);
pthread_mutex_unlock(&replyq->mutex);
+ if (RADLEN(reply->replybuf) == 0) {
+ debug(DBG_ERR, "%s: refusing to write 0 octets to %s",
+ __func__, addr2string(client->addr));
+ freerq(reply);
+ continue;
+ }
cnt = SSL_write(client->ssl, reply->replybuf, RADLEN(reply->replybuf));
if (cnt > 0)
debug(DBG_DBG, "tlsserverwr: sent %d bytes, Radius packet of length %d to %s",
cnt, RADLEN(reply->replybuf), addr2string(client->addr));
- else
+ else {
while ((error = ERR_get_error()))
debug(DBG_ERR, "tlsserverwr: SSL: %s", ERR_error_string(error, NULL));
+ debug(DBG_ERR, "%s: unexpected SSL_write: ret=%d, error=%d "
+ "while talking to %s, closing connection",
+ __func__, cnt, SSL_get_error(client->ssl, cnt),
+ addr2string(client->addr));
+ freerq(reply);
+ ERR_remove_state(0);
+ pthread_exit(NULL);
+ }
freerq(reply);
}
}
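Review bot: In the new `else` branch, `SSL_get_error(client->ssl, cnt)` is evaluated only after the `while ((error = ERR_get_error()))` loop has emptied the thread's error queue, and OpenSSL consults that queue when classifying the failure, so the `error=%d` value logged here can differ from the real cause. Capture it first with `int sslerr = SSL_get_error(client->ssl, cnt);` directly after the `SSL_write()` call, and log `sslerr` instead. The branch also treats every non-positive return as fatal and leaves via `pthread_exit(NULL)`; the part of `tlsserverwr` above this hunk is not visible, so it is worth confirming that the reader side of the connection learns the writer is gone, otherwise replies for this client could keep accumulating in `replyq` unsent.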