From 6a090252b1188f06379c20b45a25d878e517a31f Mon Sep 17 00:00:00 2001
From: Linus Nordberg
Date: Mon, 31 Mar 2014 15:15:24 +0200
Subject: Emit an error log line if client writer fails writing (SSL_write()).

Also, don't try to write zero number of octets because OpenSSL might not like that. I would like to close the connection too but would have to look into the UDP and DTLS cases more before that can be done. This is for figuring out more about how to treat SSL_write() errors, https://project.nordu.net/browse/RADSECPROXY-46.
---
 tls.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'tls.c')

diff --git a/tls.c b/tls.c
index 28c3ec3..efaf263 100644
--- a/tls.c
+++ b/tls.c
@@ -254,10 +254,15 @@ int clientradputtls(struct server *server, unsigned char *rad) {
 if (!server->connectionok)
 return 0;
 len = RADLEN(rad);
+ if (len == 0) {
+ debug(DBG_ERR, "%s: refusing to write 0 octets to %s",
+ __func__, conf->name);
+ return 0;
+ }
 if ((cnt = SSL_write(server->ssl, rad, len)) <= 0) {
 while ((error = ERR_get_error()))
 debug(DBG_ERR, "clientradputtls: TLS: %s", ERR_error_string(error, NULL));
- return 0;
+ return cnt;
 }
 debug(DBG_DBG, "clientradputtls: Sent %d bytes, Radius packet of length %d to TLS peer %s", cnt, len, conf->name);
-- 
cgit v1.1
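Review bot: `return cnt;` in the SSL_write() failure branch changes the error return from always 0 to 0 or a negative value, so any caller that tests the result for truth, such as `if (!clientradputtls(...))`, would treat a failed write as a sent packet. The call sites and the function's success return are outside this hunk, so either keep `return 0;` here or state the new contract above the function, e.g. `/* returns <= 0 on failure: 0 if not connected or nothing to write, SSL_write()'s result otherwise */`, and check every caller against it. The same branch logs only what ERR_get_error() yields, and that queue can be empty when SSL_write() fails; logging `SSL_get_error(server->ssl, cnt)` alongside it would separate a retryable condition from a dead connection. The new `len == 0` guard also lets through any other length below a RADIUS header, so if RADLEN(rad) is not validated before this call, a lower bound of 20 octets would be the more useful test.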