This patch fixes a bug where if a client connecting via SSL doesn't
authenticate very quickly, the server will hang until the client
finishes. This hang requires a kill -9 to force the server to stop (in
the case where the client hangs while authenticating). This happens,
for example, using Exodus when it displays one of the warning messages
about the certificate being invalid in some way (expired, wrong cn,
etc). The server will stay hung until the client O.K.'s or cancels the
dialog.

The fix is to set the socket to non-blocking mode immediately after
accepting it, as non-blocking mode is not inherited from the listening
socket. I'd appreciate it if this could make it into the next patch
release of the 1.4 series! This patch is against the 1.4.2 source code.

Nathan

--- ../../tmp/jabber-1.4.2/jabberd/mio_ssl.c Fri Feb 8 02:39:27 2002
+++ mio_ssl.c Tue May 28 12:16:11 2002
@@ -219,6 +219,7 @@
SSL_CTX *ctx = NULL;
int fd;
int sret;
+ int flags;
if(m->ip == NULL)
{
@@ -228,6 +229,12 @@
fd = accept(m->fd, serv_addr, addrlen);
+ /* set the socket to non-blocking as this is not
+ inherited */
+ flags = fcntl(fd, F_GETFL, 0);
+ flags |= O_NONBLOCK;
+ fcntl(fd, F_SETFL, flags);
+
ctx = ghash_get(ssl__ctxs, m->ip);
if(ctx == NULL)
{
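Review bot: The new fcntl() calls run directly after accept() with no check, in the lines shown, that fd is valid or that F_GETFL succeeded. If accept() returns -1, both fcntl() calls operate on a bad descriptor; if F_GETFL returns -1, `flags |= O_NONBLOCK` leaves flags at -1 and F_SETFL is then called with every bit set. Suggest testing `fd < 0` right after accept() and returning, then checking both fcntl() results and closing fd on failure, since a socket that silently stays blocking brings back the hang this patch is meant to remove. The patch also adds no #include, so confirm that <fcntl.h> is already pulled in by mio_ssl.c.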
@@ -235,7 +242,8 @@
return -1;
}
ssl = SSL_new(ctx);
- log_debug(ZONE, "SSL accepting socket with new session %x", ssl);
+ log_debug(ZONE, "SSL accepting socket from %s with new session %x",
+ m->ip, ssl);
SSL_set_fd(ssl, fd);
SSL_set_accept_state(ssl);
sret = SSL_accept(ssl);
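Review bot: With fd now non-blocking, the `sret = SSL_accept(ssl);` at the end of this hunk can return before the handshake has completed, with SSL_get_error() reporting SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The code that handles sret is not shown here; it needs to treat those two results as "retry when the socket is ready" rather than as a failed connection, otherwise a slow client is dropped instead of being waited for. Separately, in the changed log_debug call, ssl is a pointer printed with %x; %p is the matching conversion.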