-rw-r--r-- | radsecproxy.c | 9 | ||||
-rw-r--r-- | tls.c | 7 |
2 files changed, 14 insertions, 2 deletions
diff --git a/radsecproxy.c b/radsecproxy.c index b7b2063..f972d89 100644 --- a/radsecproxy.c +++ b/radsecproxy.c @@ -1887,6 +1887,8 @@ void *clientwr(void *arg) { pthread_mutex_unlock(&server->newrq_mutex); for (i = 0; i < MAX_REQUESTS; i++) { + int ret; + if (server->clientrdgone) { pthread_join(clientrdth, NULL); goto errexit; @@ -1935,8 +1937,13 @@ void *clientwr(void *arg) { if (!timeout.tv_sec || rqout->expiry.tv_sec < timeout.tv_sec) timeout.tv_sec = rqout->expiry.tv_sec; rqout->tries++; - conf->pdef->clientradput(server, rqout->rq->buf); + ret = conf->pdef->clientradput(server, rqout->rq->buf); pthread_mutex_unlock(rqout->lock); + if (ret < 0) { + debug(DBG_ERR, "%s: unexpected SSL_write: ret=%d, error=%d " + "while talking to %s", __func__, ret, + SSL_get_error(server->ssl, ret), conf->name); + } } if (conf->statusserver && server->connectionok) { secs = server->lastrcv.tv_sec > laststatsrv.tv_sec ? server->lastrcv.tv_sec : laststatsrv.tv_sec; @@ -254,10 +254,15 @@ int clientradputtls(struct server *server, unsigned char *rad) { if (!server->connectionok) return 0; len = RADLEN(rad); + if (len == 0) { + debug(DBG_ERR, "%s: refusing to write 0 octets to %s", + __func__, conf->name); + return 0; + } if ((cnt = SSL_write(server->ssl, rad, len)) <= 0) { while ((error = ERR_get_error())) debug(DBG_ERR, "clientradputtls: TLS: %s", ERR_error_string(error, NULL)); - return 0; + return cnt; } debug(DBG_DBG, "clientradputtls: Sent %d bytes, Radius packet of length %d to TLS peer %s", cnt, len, conf->name); |
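Review bot: The new error log in the second clientwr hunk calls `SSL_get_error(server->ssl, ret)` too late for the result to be reliable. By then `clientradputtls` has already emptied the OpenSSL error queue with its `ERR_get_error()` loop and `rqout->lock` has been released, whereas SSL_get_error() inspects that queue and is only dependable directly after the TLS I/O call with no other OpenSSL calls in between. The call also sits in transport-generic code: `clientradput` is reached through `conf->pdef`, so a non-TLS transport returning a negative value would presumably arrive here with `server->ssl` unset (to be confirmed against the other transports). I would take the reading inside `clientradputtls` immediately after `SSL_write` and keep this message neutral, e.g. `debug(DBG_ERR, "%s: clientradput failed (ret=%d) while talking to %s", __func__, ret, conf->name);`. The failure is only logged, and nothing visible in the hunk marks the connection as bad; clientwr's body continues outside the hunk.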
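Review bot: In the clientradputtls hunk, `return cnt;` overloads the value 0: it is returned when SSL_write itself returns 0, when the server is not connected, and by the new zero-length guard, while the caller in clientwr only tests `ret < 0`. A write that fails with 0 therefore never reaches the new logging; if no other caller depends on 0 meaning failure, `return cnt < 0 ? cnt : -1;` would keep the cases apart. The `len == 0` guard deserves a one-line comment such as `/* SSL_write() with a length of 0 is documented as undefined behaviour */` so it is not removed later as dead code. Since `len` comes from the packet's own length field via `RADLEN(rad)`, it is also worth confirming that it has been bounded against the real buffer size before this point, because the guard rejects only zero. The start of the function and its success return are outside the hunk.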