From: Linus Nordberg
Date: Mon, 26 Aug 2013 14:42:44 +0000 (+0200)
Subject: Don't wait for _writable_ when _reading_ an SSL socket.
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=radsecproxy.git;a=commitdiff_plain;h=92a0c39afd4472d9ff33e3518fb548a7473fc7ce
Don't wait for _writable_ when _reading_ an SSL socket. Also, don't select() at all if SSL_pending() says there's data to read. Patch by Fabian Mauchle.
---
diff --git a/tls.c b/tls.c
index 4197069..9b8e7be 100644
--- a/tls.c
+++ b/tls.c
@@ -165,7 +165,7 @@ int tlsconnect(struct server *server, struct timeval *when, int timeout, char *t
 /* returns 0 on timeout, -1 on error and num if ok */
 int sslreadtimeout(SSL *ssl, unsigned char *buf, int num, int timeout) {
 int s, ndesc, cnt, len;
- fd_set readfds, writefds;
+ fd_set readfds;
 struct timeval timer;
 s = SSL_get_fd(ssl);
@@ -173,16 +173,17 @@ int sslreadtimeout(SSL *ssl, unsigned char *buf, int num, int timeout) {
 return -1;
 /* make socket non-blocking? */
 for (len = 0; len < num; len += cnt) {
- FD_ZERO(&readfds);
- FD_SET(s, &readfds);
- writefds = readfds;
- if (timeout) {
- timer.tv_sec = timeout;
- timer.tv_usec = 0;
+ if (SSL_pending(ssl) == 0) {
+ FD_ZERO(&readfds);
+ FD_SET(s, &readfds);
+ if (timeout) {
+ timer.tv_sec = timeout;
+ timer.tv_usec = 0;
+ }
+ ndesc = select(s + 1, &readfds, NULL, NULL, timeout ? &timer : NULL);
+ if (ndesc < 1)
+ return ndesc;
 }
- ndesc = select(s + 1, &readfds, &writefds, NULL, timeout ? &timer : NULL);
- if (ndesc < 1)
- return ndesc;
 cnt = SSL_read(ssl, buf + len, num - len);
 if (cnt <= 0)
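Review bot: `FD_SET(s, &readfds)` in the new `SSL_pending(ssl) == 0` branch is still reached without any visible check that `s` is below `FD_SETSIZE`, and in a process with many open descriptors a value at or above that limit makes `FD_SET` write outside the `fd_set`. The guard that follows `SSL_get_fd()` sits between the two hunks and is only partly visible here, but if it rejects negative values only, it could become `if (s < 0 || s >= FD_SETSIZE) return -1;`. Separately, `timer` is re-armed on every pass of the `for` loop, so `timeout` bounds each wait rather than the whole read, and a peer that delivers data slowly can keep the call running for many multiples of it; a deadline computed once before the loop, or at least a sentence in the comment above `sslreadtimeout` stating that the timeout is per wait, would make this explicit. The function body continues past the end of the hunk (the handling of `cnt <= 0`), so the error paths were not reviewed.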