Hi,
relayd used CHECK_TIMEOUT for connect and SSL handshake.
This is 200 milliseconds, which is too short. Instead, use the 600-second
session timeout that is used for accepted sessions everywhere else.
While there, make the flag handling in relay_ssl_transaction() consistent
with the other functions.
ok?
bluhm
Index: usr.sbin/relayd/relay.c
===
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/relayd/relay.c,v
retrieving revision 1.138
diff -u -p -r1.138 relay.c
--- usr.sbin/relayd/relay.c 20 May 2011 09:43:53 - 1.138
+++ usr.sbin/relayd/relay.c 1 Sep 2011 07:58:40 -
@@ -2279,7 +2279,8 @@ relay_connect(struct rsession *con)
if (errno == EINPROGRESS)
event_again(con-se_ev, con-se_out.s, EV_WRITE|EV_TIMEOUT,
- relay_connected, con-se_tv_start, env-sc_timeout, con);
+ relay_connected, con-se_tv_start, rlay-rl_conf.timeout,
+ con);
else
relay_connected(con-se_out.s, EV_WRITE, con);
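Review bot: In relay_connect the in-progress connect to the backend is now bounded only by `rl_conf.timeout`, so a backend that never answers keeps the session and the already accepted client socket allocated for up to the session timeout (600 seconds per the description). If that is intended, a comment at the `event_again()` call would make it explicit, e.g. `/* connect is bounded by the session timeout, not the check timeout */`. The hunk does not show where `rlay` is declared in relay_connect, so I assume it is already in scope; the function body starts and ends outside the hunk.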
@@ -2625,7 +2626,7 @@ relay_ssl_transaction(struct rsession *c
SSL *ssl;
const SSL_METHOD*method;
void(*cb)(int, short, void *);
- u_intflags = EV_TIMEOUT;
+ u_intflag;
ssl = SSL_new(rlay-rl_ssl_ctx);
if (ssl == NULL)
@@ -2634,11 +2635,11 @@ relay_ssl_transaction(struct rsession *c
if (cre-dir == RELAY_DIR_REQUEST) {
cb = relay_ssl_accept;
method = SSLv23_server_method();
- flags |= EV_READ;
+ flag = EV_READ;
} else {
cb = relay_ssl_connect;
method = SSLv23_client_method();
- flags |= EV_WRITE;
+ flag = EV_WRITE;
}
if (!SSL_set_ssl_method(ssl, method))
@@ -2653,8 +2654,10 @@ relay_ssl_transaction(struct rsession *c
cre-ssl = ssl;
- event_again(con-se_ev, cre-s, EV_TIMEOUT|flags,
- cb, con-se_tv_start, env-sc_timeout, con);
+ DPRINTF(%s: session %d: scheduling on %s, __func__, con-se_id,
+ (flag == EV_READ) ? EV_READ : EV_WRITE);
+ event_again(con-se_ev, cre-s, EV_TIMEOUT|flag, cb,
+ con-se_tv_start, rlay-rl_conf.timeout, con);
return;
err:
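Review bot: The handshake scheduled in relay_ssl_transaction may now run for the whole `rl_conf.timeout`, and in the RELAY_DIR_REQUEST direction the peer is a client that has not completed any handshake yet, so a client that connects and then stalls can hold a session and its SSL object for up to the session timeout. The same applies to the retry paths in the `@@ -2721` (relay_ssl_accept) and `@@ -2780` (relay_ssl_connect) hunks. Consider a separate, shorter handshake limit for the accept direction, or confirm that the relay's session limit is sized for this. Since `con->se_tv_start` is passed, the deadline presumably counts from session start, which is worth stating in a comment such as `/* handshake shares the session deadline started at se_tv_start */`. The function continues outside this hunk.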
@@ -2721,7 +2724,7 @@ retry:
DPRINTF(%s: session %d: scheduling on %s, __func__, con-se_id,
(retry_flag == EV_READ) ? EV_READ : EV_WRITE);
event_again(con-se_ev, fd, EV_TIMEOUT|retry_flag, relay_ssl_accept,
- con-se_tv_start, env-sc_timeout, con);
+ con-se_tv_start, rlay-rl_conf.timeout, con);
}
void
@@ -2780,7 +2783,7 @@ retry:
DPRINTF(%s: session %d: scheduling on %s, __func__, con-se_id,
(retry_flag == EV_READ) ? EV_READ : EV_WRITE);
event_again(con-se_ev, fd, EV_TIMEOUT|retry_flag, relay_ssl_connect,
- con-se_tv_start, env-sc_timeout, con);
+ con-se_tv_start, rlay-rl_conf.timeout, con);
}
void