From 6a090252b1188f06379c20b45a25d878e517a31f Mon Sep 17 00:00:00 2001
From: Linus Nordberg <linus@nordberg.se>
Date: Mon, 31 Mar 2014 15:15:24 +0200
Subject: Emit an error log line if client writer fails writing (SSL_write()).

Also, don't try to write zero number of octets because OpenSSL might not like that. I would like to close the connection too but would have to look into the UDP and DTLS cases more before that can be done. This is for figuring out more about how to treat SSL_write() errors, https://project.nordu.net/browse/RADSECPROXY-46.
---
radsecproxy.c | 9 ++++++++-
tls.c | 7 ++++++-
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/radsecproxy.c b/radsecproxy.c
index b7b2063..f972d89 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -1887,6 +1887,8 @@ void *clientwr(void *arg) {
 pthread_mutex_unlock(&server->newrq_mutex);
 for (i = 0; i < MAX_REQUESTS; i++) {
+ int ret;
+
 if (server->clientrdgone) {
 pthread_join(clientrdth, NULL);
 goto errexit;
@@ -1935,8 +1937,13 @@ void *clientwr(void *arg) {
 if (!timeout.tv_sec || rqout->expiry.tv_sec < timeout.tv_sec)
 timeout.tv_sec = rqout->expiry.tv_sec;
 rqout->tries++;
- conf->pdef->clientradput(server, rqout->rq->buf);
+ ret = conf->pdef->clientradput(server, rqout->rq->buf);
 pthread_mutex_unlock(rqout->lock);
+ if (ret < 0) {
+ debug(DBG_ERR, "%s: unexpected SSL_write: ret=%d, error=%d "
+ "while talking to %s", __func__, ret,
+ SSL_get_error(server->ssl, ret), conf->name);
+ }
 }
 if (conf->statusserver && server->connectionok) {
 secs = server->lastrcv.tv_sec > laststatsrv.tv_sec ? server->lastrcv.tv_sec : laststatsrv.tv_sec;
diff --git a/tls.c b/tls.c
index 28c3ec3..efaf263 100644
--- a/tls.c
+++ b/tls.c
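Review bot: The new error branch after `pthread_mutex_unlock(rqout->lock)` calls `SSL_get_error(server->ssl, ret)` from the transport-neutral writer loop, yet `conf->pdef->clientradput` is a per-protocol dispatch, so for a non-TLS server `server->ssl` is presumably not set and the log line would dereference it (the other writers are outside this patch, so this is inferred). SSL_get_error is also only meaningful when called on the thread that performed the I/O and before any further OpenSSL call; by the time this line runs, the ERR_get_error loop in clientradputtls has already drained the error queue, so the value logged is not the one that belonged to the failed SSL_write. Log the transport-neutral fact here, `debug(DBG_ERR, "%s: failed to send request to %s (ret=%d)", __func__, conf->name, ret);`, and report SSL_get_error inside clientradputtls directly after the SSL_write call. clientwr's body begins and ends outside the hunk.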
@@ -254,10 +254,15 @@ int clientradputtls(struct server *server, unsigned char *rad) {
 if (!server->connectionok)
 return 0;
 len = RADLEN(rad);
+ if (len == 0) {
+ debug(DBG_ERR, "%s: refusing to write 0 octets to %s",
+ __func__, conf->name);
+ return 0;
+ }
 if ((cnt = SSL_write(server->ssl, rad, len)) <= 0) {
 while ((error = ERR_get_error()))
 debug(DBG_ERR, "clientradputtls: TLS: %s", ERR_error_string(error, NULL));
- return 0;
+ return cnt;
 }
 debug(DBG_DBG, "clientradputtls: Sent %d bytes, Radius packet of length %d to TLS peer %s", cnt, len, conf->name);
-- 
cgit v1.1
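Review bot: `return cnt;` in the failure branch can still return 0, because the branch is entered on `<= 0` and SSL_write returns 0 for a failed write such as the peer having shut the connection down; the caller in clientwr only reacts to `ret < 0`, and 0 is also what the early `!server->connectionok` path and the new `len == 0` path return, so that failure stays silent at the caller. Return a definite negative from the failure branch, `return cnt < 0 ? cnt : -1;`, or separate "not connected" from "write failed" in the return contract and state that contract in a comment above the function. The new `len == 0` check only rejects the zero case; if RADLEN reads the length field out of the packet itself (its definition is outside this hunk), a value shorter than the 20-octet RADIUS header would still be handed to SSL_write — worth confirming what validates len before this point. The success return of clientradputtls lies outside the hunk.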