Hello,

It seems the way spamdyke implements TLS is prone to infinite hangs due to SSL_* functions blocking on IO operations.

There are already some reported cases, although not enough debug information was provided:

http://www.mail-archive.com/spamdyke-users@spamdyke.org/msg00797.html
http://www.mail-archive.com/spamdyke-users@spamdyke.org/msg01313.html

The simplest test case is connecting to spamdyke with telnet, then issuing starttls and just waiting there forever. At this time SSL_accept waits for input and there's no timeout mechanism to guard against this. There are more places in spamdyke where SSL_read, SSL_shutdown etc. are not well guarded.

AFAIK there are two ways to handle this situation:

1. set inbound_fd/outbound_fd to non-blocking mode with fcntl(2) and then use SSL_* in a non-blocking manner[1]
2. use alarm() and a signal handler to guard against such cases

1 is probably the better way to do it while 2 is quicker (and dirtier?). What do you think?

[1] http://www.openssl.org/support/faq.html#PROG10

--
Theodor Milkov
ICDSoft Ltd.
System Administrator
http://www.icdsoft.com/
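Option 1 from the message above, as an added example (not part of the original post and not spamdyke's code): a non-blocking descriptor read under one overall deadline, checked against a constructed "silent peer" on a socketpair. Plain read() stands in for SSL_accept()/SSL_read(), and the names read_with_deadline and peer_result are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

static long now_ms(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* Returns bytes read, 0 on EOF, -1 on error, -2 when the deadline passes.
 * With OpenSSL the EAGAIN branch corresponds to SSL_get_error() returning
 * SSL_ERROR_WANT_READ (poll for POLLIN) or SSL_ERROR_WANT_WRITE (POLLOUT). */
ssize_t read_with_deadline(int fd, void *buf, size_t len, int timeout_ms) {
    int flags = fcntl(fd, F_GETFL, 0);
    if (flags == -1 || fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) return -1;
    long deadline = now_ms() + timeout_ms;   /* one budget for the whole call */
    for (;;) {
        ssize_t n = read(fd, buf, len);
        if (n >= 0) return n;
        if (errno == EINTR) continue;
        if (errno != EAGAIN && errno != EWOULDBLOCK) return -1;
        long left = deadline - now_ms();
        if (left <= 0) return -2;            /* peer stayed silent: give up */
        struct pollfd p = { .fd = fd, .events = POLLIN };
        if (poll(&p, 1, (int)left) < 0 && errno != EINTR) return -1;
    }
}

/* Constructed check: a local socketpair plays the client that connects and
 * then either says nothing (peer_talks == 0) or sends four bytes. */
int peer_result(int peer_talks) {
    int sv[2];
    char buf[16];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    if (peer_talks && write(sv[1], "EHLO", 4) != 4) return -1;
    ssize_t n = read_with_deadline(sv[0], buf, sizeof buf, 200);
    close(sv[0]);
    close(sv[1]);
    return (int)n;
}

int main(void) { return (peer_result(0) == -2 && peer_result(1) == 4) ? 0 : 1; }
```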