cnt = SSL_read(ssl, buf + total, 4 - total);
if (cnt <= 0) {
printf("radtlsget: connection lost\n");
+ if (SSL_get_error(ssl, cnt) == SSL_ERROR_ZERO_RETURN) {
+ //remote end sent close_notify, send one back
+ SSL_shutdown(ssl);
+ }
return NULL;
}
}
cnt = SSL_read(ssl, rad + total, len - total);
if (cnt <= 0) {
printf("radtlsget: connection lost\n");
+ if (SSL_get_error(ssl, cnt) == SSL_ERROR_ZERO_RETURN) {
+ //remote end sent close_notify, send one back
+ SSL_shutdown(ssl);
+ }
free(rad);
return NULL;
}
struct client *client = (struct client *)arg;
struct replyq *replyq;
- pthread_mutex_lock(&client->replycount_mutex);
+ printf("tlsserverwr starting for %s\n", client->peer.host);
+ replyq = client->replyq;
+ pthread_mutex_lock(&replyq->count_mutex);
for (;;) {
- replyq = client->replyq;
while (!replyq->count) {
- printf("tls server writer, waiting for signal\n");
- pthread_cond_wait(&replyq->count_cond, &replyq->count_mutex);
- printf("tls server writer, got signal\n");
+ if (client->peer.ssl) {
+ printf("tls server writer, waiting for signal\n");
+ pthread_cond_wait(&replyq->count_cond, &replyq->count_mutex);
+ printf("tls server writer, got signal\n");
+ }
+ if (!client->peer.ssl) {
+ //ssl might have changed while waiting
+ pthread_mutex_unlock(&replyq->count_mutex);
+ printf("tlsserverwr: exiting as requested\n");
+ pthread_exit(NULL);
+ }
}
pthread_mutex_unlock(&replyq->count_mutex);
cnt = SSL_write(client->peer.ssl, replyq->replies->buf, RADLEN(replyq->replies->buf));
int s;
struct client *client = (struct client *)arg;
pthread_t tlsserverwrth;
+ SSL *ssl;
+
+ printf("tlsserverrd starting for %s\n", client->peer.host);
+ ssl = client->peer.ssl;
- printf("tlsserverrd starting\n");
- if (SSL_accept(client->peer.ssl) <= 0) {
+ if (SSL_accept(ssl) <= 0) {
while ((error = ERR_get_error()))
err("tlsserverrd: SSL: %s", ERR_error_string(error, NULL));
errx("accept failed, child exiting");
for (;;) {
buf = radtlsget(client->peer.ssl);
- if (!buf) {
- printf("tlsserverrd: connection lost\n");
- s = SSL_get_fd(client->peer.ssl);
- SSL_free(client->peer.ssl);
- client->peer.ssl = NULL;
- if (s >= 0)
- close(s);
- pthread_exit(NULL);
- }
+ if (!buf)
+ break;
printf("tlsserverrd: got Radius message from %s\n", client->peer.host);
memset(&rq, 0, sizeof(struct request));
to = radsrv(&rq, buf, client);
}
sendrq(to, client, &rq);
}
+ printf("tlsserverrd: connection lost\n");
+ // stop writer by setting peer.ssl to NULL and give signal in case waiting for data
+ client->peer.ssl = NULL;
+ pthread_mutex_lock(&client->replyq->count_mutex);
+ pthread_cond_signal(&client->replyq->count_cond);
+ pthread_mutex_unlock(&client->replyq->count_mutex);
+ printf("tlsserverrd: waiting for writer to end\n");
+ pthread_join(tlsserverwrth, NULL);
+ s = SSL_get_fd(ssl);
+ SSL_free(ssl);
+ close(s);
+ printf("tlsserverrd thread for %s exiting\n", client->peer.host);
+ pthread_exit(NULL);
}
int tlslistener(SSL_CTX *ssl_ctx) {
SSL_set_fd(client->peer.ssl, snew);
if (pthread_create(&tlsserverth, NULL, tlsserverrd, (void *)client))
errx("pthread_create failed");
+ pthread_detach(tlsserverth);
}
return 0;
}
SSL_CTX *ssl_ctx_srv;
unsigned long error;
pthread_t udpserverth;
- pthread_attr_t joinable;
+ // pthread_attr_t joinable;
int i;
parseargs(argc, argv);
ssl_locks_setup();
- pthread_attr_init(&joinable);
- pthread_attr_setdetachstate(&joinable, PTHREAD_CREATE_JOINABLE);
+ // pthread_attr_init(&joinable);
+ // pthread_attr_setdetachstate(&joinable, PTHREAD_CREATE_JOINABLE);
/* listen on UDP if at least one UDP client */
for (i = 0; i < client_count; i++)
if (clients[i].peer.type == 'U') {
- if (pthread_create(&udpserverth, &joinable, udpserverrd, NULL))
+ if (pthread_create(&udpserverth, NULL /*&joinable*/, udpserverrd, NULL))
errx("pthread_create failed");
break;
}
projects / libradsec.git / commitdiff