#include <sys/stat.h>
#endif
+#ifdef WITH_TCP
#ifdef WITH_TLS
#ifdef HAVE_OPENSSL_RAND_H
#include <openssl/rand.h>
sock->packet->dst_ipaddr = sock->my_ipaddr;
sock->packet->dst_port = sock->my_port;
- if (sock->request) {
- sock->request->packet = talloc_steal(sock->request, sock->packet);
- }
+ if (sock->request) sock->request->packet = talloc_steal(sock->request, sock->packet);
}
/*
SSL_set_ex_data(sock->ssn->ssl, FR_TLS_EX_INDEX_REQUEST, (void *)request);
SSL_set_ex_data(sock->ssn->ssl, fr_tls_ex_index_certs, (void *) &sock->certs);
- SSL_set_ex_data(sock->ssn->ssl, FR_TLS_EX_INDEX_TALLOC, sock->parent);
+ SSL_set_ex_data(sock->ssn->ssl, FR_TLS_EX_INDEX_TALLOC, sock);
doing_init = true;
}
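Review bot: The `FR_TLS_EX_INDEX_TALLOC` line now gives the TLS callbacks `sock` rather than `sock->parent` as their talloc context, and nothing beside it records the lifetime this implies. Anything a callback allocates under that context will presumably be freed with the socket, so it must not be referenced after teardown; a comment such as `/* callback allocations are parented to the socket and freed with it */` would make that explicit. The return value of `SSL_set_ex_data()` is ignored on all three visible calls; it returns 0 on failure, in which case a callback would read back NULL for that index. The enclosing function starts and ends outside this hunk.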
PTHREAD_MUTEX_UNLOCK(&sock->mutex);
if (!rad_packet_ok(packet, 0, NULL)) {
- ERROR("Receive - %s", fr_strerror());
+ if (DEBUG_ENABLED) ERROR("Receive - %s", fr_strerror());
DEBUG("Closing TLS socket from client");
PTHREAD_MUTEX_LOCK(&sock->mutex);
tls_socket_close(listener);
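Review bot: With debugging off, a TLS client whose packet fails `rad_packet_ok()` is now disconnected with no log record. The `ERROR` is gated on `DEBUG_ENABLED`, and the `DEBUG` line after it is presumably debug-only as well. If the aim is to keep a remote peer from flooding the log, a rate-limited message or a counter incremented through `FR_STATS_INC` would preserve the signal that operators use to spot misbehaving or probing clients. At minimum the reason deserves a comment, for example `/* logged only when debugging: a peer can trigger this at will */`. The enclosing function continues outside this hunk.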
FR_STATS_INC(auth, total_requests);
- /*
- * Re-parent the packet to nothing.
- */
- (void) talloc_steal(NULL, packet);
-
return 1;
}
rad_assert(sock->ssn != NULL);
rad_assert(client != NULL);
- packet = sock->packet;
+ packet = talloc_steal(NULL, sock->packet);
+ sock->packet = NULL;
/*
* Some sanity checks, based on the packet code.
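Review bot: `talloc_steal(NULL, sock->packet)` is later followed by `packet->code`, but the visible assertions cover only `sock->ssn` and `client`. If `sock->packet` can be NULL at this point, the steal returns NULL and the dereference faults, so `rad_assert(sock->packet != NULL);` before the steal would state the precondition. From this line on the packet has no talloc parent, so every return before `request_receive()` accepts it has to call `rad_free(&packet)`. The three error paths changed further down do so, but the packet-type switch is only partly visible and is worth checking for other early returns. The function body continues outside this hunk.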
if (!main_config.status_server) {
FR_STATS_INC(auth, total_unknown_types);
WARN("Ignoring Status-Server request due to security configuration");
- rad_free(&sock->packet);
+ rad_free(&packet);
return 0;
}
fun = rad_status_server;
DEBUG("Invalid packet code %d sent from client %s port %d : IGNORED",
packet->code, client->shortname, packet->src_port);
- rad_free(&sock->packet);
+ rad_free(&packet);
return 0;
} /* switch over packet types */
if (!request_receive(NULL, listener, packet, client, fun)) {
FR_STATS_INC(auth, total_packets_dropped);
- rad_free(&sock->packet);
+ rad_free(&packet);
return 0;
}
- sock->packet = NULL; /* we have no need for more partial reads */
-
return 1;
}
return 0;
}
+ if (request->reply->data_len > (MAX_PACKET_LEN - 100)) {
+ RWARN("Packet is large, and possibly truncated - %zd vs max %d",
+ request->reply->data_len, MAX_PACKET_LEN);
+ }
+
/*
* Sign the packet.
*/
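Review bot: The added `RWARN` prints `request->reply->data_len` with `%zd`, which is the signed conversion. If `data_len` is a `size_t`, as the `z` length modifier suggests, the matching form is `%zu`: `RWARN("Packet is large, and possibly truncated - %zu vs max %d",`. The 100-byte margin in `MAX_PACKET_LEN - 100` is unexplained and should get a comment saying what it reserves room for. The check only warns, so a reply that is flagged as possibly truncated is still signed and sent; if that is intended, the comment should say so. The enclosing function starts outside this hunk.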
return -1;
default:
- while ((err = ERR_get_error())) {
- DEBUG("proxy recv says %s",
- ERR_error_string(err, NULL));
- }
+ tls_error_log(NULL, "Failed in proxy receive");
goto do_close;
}
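Review bot: The removed `while ((err = ERR_get_error()))` loop emptied the OpenSSL error queue as a side effect, and it is not visible here whether `tls_error_log()` does the same. If it does not, leftover entries can be reported against a later, unrelated TLS call on the same thread, which makes failures harder to attribute; in that case follow the call with `ERR_clear_error();`. The same applies to the `tls_error_log(NULL, "Failed in proxy send")` call in the send path. Both calls pass NULL as the first argument, so the message presumably carries no request context, and naming the home server in the message text would help correlate these closes. Both enclosing functions continue outside their hunks.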
break; /* let someone else retry */
default:
- DEBUG("proxy SSL_write says %s",
- ERR_error_string(err, NULL));
+ tls_error_log(NULL, "Failed in proxy send");
DEBUG("Closing TLS socket to home server");
tls_socket_close(listener);
PTHREAD_MUTEX_UNLOCK(&sock->mutex);
#endif /* WITH_PROXY */
#endif /* WITH_TLS */
+#endif /* WITH_TCP */