Return free memory more aggressively.

[radsecproxy.git] / dtls.c

diff --git a/dtls.c b/dtls.c
index d99c55d..2586b8f 100644 (file)
--- a/dtls.c
+++ b/dtls.c
@@ -1,10 +1,6 @@
-/*
- * Copyright (C) 2008-2009 Stig Venaas <venaas@uninett.no>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- */
+/* Copyright (c) 2007-2009, UNINETT AS
+ * Copyright (c) 2012, NORDUnet A/S */
+/* See LICENSE for licensing information. */
 
 #include <signal.h>
 #include <sys/socket.h>
@@ -26,7 +22,6 @@
 #include <pthread.h>
 #include <openssl/ssl.h>
 #include <openssl/err.h>
-#include "list.h"
 #include "hash.h"
 #include "radsecproxy.h"
 
@@ -47,7 +42,7 @@ void initextradtls();
 
 static const struct protodefs protodefs = {
     "dtls",
-    "mysecret", /* secretdefault */
+    "radsec", /* secretdefault */
     SOCK_DGRAM, /* socktype */
     "2083", /* portdefault */
     REQUEST_RETRY_COUNT, /* retrycountdefault */
@@ -100,7 +95,9 @@ struct dtlsservernewparams {
 
 void dtlssetsrcres() {
     if (!srcres)
-       srcres = resolvepassiveaddrinfo(protoopts ? protoopts->sourcearg : NULL, NULL, protodefs.socktype);
+       srcres =
+            resolvepassiveaddrinfo(protoopts ? protoopts->sourcearg : NULL,
+                                   AF_UNSPEC, NULL, protodefs.socktype);
 }
 
 int udp2bio(int s, struct gqueue *q, int cnt) {
@@ -308,7 +305,7 @@ void dtlsserverrd(struct client *client) {
 
     debug(DBG_DBG, "dtlsserverrd: starting for %s", addr2string(client->addr));
 
-    if (pthread_create(&dtlsserverwrth, NULL, dtlsserverwr, (void *)client)) {
+    if (pthread_create(&dtlsserverwrth, &pthread_attr, dtlsserverwr, (void *)client)) {
        debug(DBG_ERR, "dtlsserverrd: pthread_create failed");
        return;
     }
@@ -353,6 +350,7 @@ void *dtlsservernew(void *arg) {
     X509 *cert = NULL;
     SSL_CTX *ctx = NULL;
     uint8_t delay = 60;
+    struct tls *accepted_tls = NULL;
 
     debug(DBG_DBG, "dtlsservernew: starting");
     conf = find_clconf(handle, (struct sockaddr *)&params->addr, NULL);
@@ -366,10 +364,11 @@ void *dtlsservernew(void *arg) {
        cert = verifytlscert(ssl);
         if (!cert)
             goto exit;
+        accepted_tls = conf->tlsconf;
     }
 
     while (conf) {
-       if (verifyconfcert(cert, conf)) {
+       if (accepted_tls == conf->tlsconf && verifyconfcert(cert, conf)) {
            X509_free(cert);
            client = addclient(conf, 1);
            if (client) {
@@ -509,7 +508,7 @@ void *udpdtlsserverrd(void *arg) {
 
            if (udp2bio(s, params->sesscache->rbios, cnt)) {
                debug(DBG_DBG, "udpdtlsserverrd: got DTLS in UDP from %s", addr2string((struct sockaddr *)&from));
-               if (!pthread_create(&dtlsserverth, NULL, dtlsservernew, (void *)params)) {
+               if (!pthread_create(&dtlsserverth, &pthread_attr, dtlsservernew, (void *)params)) {
                    pthread_detach(dtlsserverth);
                    cacheexpire(sessioncache, &lastexpiry);
                    continue;
@@ -698,10 +697,10 @@ void initextradtls() {
     }
 
     if (client4_sock >= 0)
-       if (pthread_create(&cl4th, NULL, udpdtlsclientrd, (void *)&client4_sock))
+       if (pthread_create(&cl4th, &pthread_attr, udpdtlsclientrd, (void *)&client4_sock))
            debugx(1, DBG_ERR, "pthread_create failed");
     if (client6_sock >= 0)
-       if (pthread_create(&cl6th, NULL, udpdtlsclientrd, (void *)&client6_sock))
+       if (pthread_create(&cl6th, &pthread_attr, udpdtlsclientrd, (void *)&client6_sock))
            debugx(1, DBG_ERR, "pthread_create failed");
 }
 #else