Module Name: src Committed By: martin Date: Fri Nov 1 09:32:21 UTC 2019
Modified Files: src/usr.sbin/syslogd [netbsd-9]: tls.c Log Message: Pull up following revision(s) (requested by hannken in ticket #386): usr.sbin/syslogd/tls.c: revision 1.17 With TLSv1.3 a client has to receive and process metadata. Update dispatch_tls_eof() to check for metadata and rearm on success. Ok: christos@ To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.16.6.1 src/usr.sbin/syslogd/tls.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/usr.sbin/syslogd/tls.c
diff -u src/usr.sbin/syslogd/tls.c:1.16 src/usr.sbin/syslogd/tls.c:1.16.6.1
--- src/usr.sbin/syslogd/tls.c:1.16 Thu Feb 8 17:45:29 2018
+++ src/usr.sbin/syslogd/tls.c Fri Nov 1 09:32:21 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: tls.c,v 1.16 2018/02/08 17:45:29 christos Exp $ */
+/* $NetBSD: tls.c,v 1.16.6.1 2019/11/01 09:32:21 martin Exp $ */
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -45,7 +45,7 @@
  */
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: tls.c,v 1.16 2018/02/08 17:45:29 christos Exp $");
+__RCSID("$NetBSD: tls.c,v 1.16.6.1 2019/11/01 09:32:21 martin Exp $");
 #ifndef DISABLE_TLS
 #include <sys/stat.h>
@@ -1450,7 +1450,7 @@ dispatch_socket_accept(int fd, short eve
  *
  * I do not know if libevent can tell us the difference
  * between available data and an EOF. But it does not matter
- * because there should not be any incoming data.
+ * because there should not be any incoming data beside metadata.
  * So we close the connection either because the peer closed its
  * side or because the peer broke the protocol by sending us stuff ;-)
  */
@@ -1460,11 +1460,26 @@ dispatch_tls_eof(int fd, short event, vo
 struct tls_conn_settings *conn_info = (struct tls_conn_settings *) arg;
 sigset_t newmask, omask;
 struct timeval tv;
+ int rc;
+ char buf[1];
 BLOCK_SIGNALS(omask, newmask);
 DPRINTF((D_TLS|D_EVENT|D_CALL), "dispatch_eof_tls(%d, %d, %p)\n", fd, event, arg);
 assert(conn_info->state == ST_TLS_EST);
+
+ /* First check for incoming metadata. */
+ ST_CHANGE(conn_info->state, ST_READING);
+ rc = SSL_read(conn_info->sslptr, buf, sizeof(buf));
+ ST_CHANGE(conn_info->state, ST_TLS_EST);
+ if (rc <= 0 && tls_examine_error("SSL_read()", conn_info->sslptr, conn_info, rc) == TLS_RETRY_READ) {
+ /* Connection is still alive, rearm and return. */
+ EVENT_ADD(conn_info->event);
+ RESTORE_SIGNALS(omask);
+ return;
+ }
+
 ST_CHANGE(conn_info->state, ST_EOF);
 DEL_EVENT(conn_info->event);
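Review bot: The closing sentence of this comment block (`So we close the connection either because the peer closed its side or because the peer broke the protocol`) is now stale, because dispatch_tls_eof() as changed in the following hunk has a third outcome: when SSL_read() only absorbed TLSv1.3 metadata and tls_examine_error() reports TLS_RETRY_READ, the handler rearms the event and returns without closing. I would extend the comment to name that path, e.g. ` * or, if the read merely consumed TLS metadata, we rearm the event and keep the connection open.` In the new code every tls_examine_error() result other than TLS_RETRY_READ, including a positive SSL_read() return, falls through to the ST_EOF close; if processing some metadata presumably needs a write from our side before the read can complete, that case would also drop the connection, which is worth confirming. The body of dispatch_tls_eof() continues past the end of this diff.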