tlsgate

TLS reverse proxy
git clone git://git.akobets.xyz/tlsgate

commit 77066a795158fee51ec1ea5f1e97af5b2d9b24da
parent 73bfd57156ec29b88dbdae4c2fa17f39253bc69a
Author: Artem Kobets <artem@akobets.xyz>
Date:   Thu,  3 Sep 2020 11:38:00 +0300

tls_handshake/tls_close: retry on TLS_WANT_POLLIN/TLS_WANT_POLLOUT

Diffstat:
Mmain.c | 27++++++++++++++++++---------
Mserve.c | 25+++++++++++++++++++++----
Mserve.h | 5++++-
3 files changed, 43 insertions(+), 14 deletions(-)

diff --git a/main.c b/main.c
@@ -2,13 +2,11 @@
 #include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
-#include <string.h>
 #include <sys/resource.h>
 #include <sys/wait.h>
 #include <unistd.h>
 #include <sys/socket.h>
-#include <tls.h>
 #include "serve.h"
 #include "sock.h"
@@ -31,9 +29,9 @@ static void
 usage(void)
 {
 errx(
- "usage: %s -c cert -k key [-C ca]\n"
+ "usage: %s [-v] -c cert -k key [-C ca]\n"
 " [-h host] -p port [-H host] [-P port] [-U file]\n"
- " [-n proc-num] [-v]",
+ " [-n proc-num]",
 argv0
 );
 }
@@ -61,7 +59,7 @@ main(int argc, char **argv)
 argv0 = argv[0];
- while ((opt = getopt(argc, argv, "c:k:C:h:p:H:P:U:nv"))) {
+ while ((opt = getopt(argc, argv, "c:k:C:h:p:H:P:U:n:v"))) {
 switch (opt) {
 case 'c':
 cert_file = optarg;
@@ -158,6 +156,7 @@ main(int argc, char **argv)
 case 0: {
 struct tls *cctx = NULL;
 int clientfd = -1;
+ int ret;
 close(fd);
@@ -169,9 +168,19 @@ main(int argc, char **argv)
 warn("tls_accept_socket");
 goto cleanup;
 }
- if (tls_handshake(cctx) == -1) {
- warnx("tls_handshake: %s", tls_error(cctx));
- goto cleanup;
+ while (1) {
+ ret = tls_handshake(cctx);
+ if (ret == -1) {
+ warnx("tls_handshake: %s", tls_error(cctx));
+ goto cleanup;
+ } else if (
+ ret == TLS_WANT_POLLIN ||
+ ret == TLS_WANT_POLLOUT
+ ) {
+ continue;
+ } else {
+ break;
+ }
 }
 /* connect to client */
@@ -187,7 +196,7 @@ main(int argc, char **argv)
 cleanup:
 if (cctx != NULL) {
- tls_close(cctx);
+ full_tls_close(cctx);
 tls_free(cctx);
 }
 shutdown(cfd, SHUT_RDWR);
diff --git a/serve.c b/serve.c
@@ -4,7 +4,6 @@
 #include <unistd.h>
 #include <sys/socket.h>
-#include <tls.h>
 #include "serve.h"
 #include "util.h"
@@ -18,7 +17,7 @@ serve(struct tls *ctx, int fd)
 pid = fork();
 if (pid == -1) {
 warn("fork");
- tls_close(ctx);
+ full_tls_close(ctx);
 shutdown(fd, SHUT_RDWR);
 return;
 }
@@ -48,7 +47,7 @@ serve(struct tls *ctx, int fd)
 if (nwrite == -1)
 break;
 }
- tls_close(ctx);
+ full_tls_close(ctx);
 shutdown(fd, SHUT_RDWR);
 _exit(0);
 } else {
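Review bot: The rewritten `while ((opt = getopt(argc, argv, "c:k:C:h:p:H:P:U:n:v")))` still treats getopt's end-of-options return value of -1 as true, so the loop only ends if a `case -1:` inside the switch (outside this hunk) leaves it; the conventional and self-evidently terminating form is `while ((opt = getopt(argc, argv, "c:k:C:h:p:H:P:U:n:v")) != -1) {`. Now that `-n` takes an argument, the `case 'n'` handler (not shown) should parse optarg with strtol and reject non-numeric or non-positive values instead of trusting it as a process count. main's body continues outside the hunk.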
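Review bot: The new handshake loop answers TLS_WANT_POLLIN/TLS_WANT_POLLOUT with a bare `continue`, so whenever libtls reports the socket is not ready (which it does when the accepted socket is non-blocking — its flags are not visible here) the child spins at full CPU until the client sends its next byte, and nothing bounds how long a client may stall mid-handshake, so a peer that sends a partial ClientHello and idles pins one worker per connection indefinitely. Wait on the socket with poll() for the event libtls asks for and give the handshake a deadline, so a stalled peer is dropped; that needs `#include <poll.h>` and a named timeout constant, and the socket here is presumably `cfd`, the descriptor shut down in cleanup. The loop sits inside the `case 0:` child of main, whose body continues outside the hunk.
```c
	/* … unchanged: tls_accept_socket … */
	while ((ret = tls_handshake(cctx)) != 0) {
		if (ret == -1) {
			warnx("tls_handshake: %s", tls_error(cctx));
			goto cleanup;
		}
		/* libtls wants the socket readable/writable: block on it instead of
		 * spinning, with a deadline so a peer that stalls mid-handshake
		 * cannot pin this worker for ever */
		struct pollfd pfd = {
			.fd = cfd,
			.events = (ret == TLS_WANT_POLLIN) ? POLLIN : POLLOUT,
		};
		if (poll(&pfd, 1, HANDSHAKE_TIMEOUT_MS) <= 0) {
			warnx("tls_handshake: timed out or poll failed");
			goto cleanup;
		}
	}
	/* … unchanged: connect to client … */
```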
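Review bot: After the fork both processes finish by calling `full_tls_close(ctx)` on their own copy of the same TLS context over one shared socket (the `_exit(0)` child branch in this hunk and the parent branch that follows it), so the client is sent two close_notify alerts, and the one from the process that has not been writing records is presumably encrypted under stale record-layer state and rejected by the peer as a bad record. That behaviour predates this commit, but the move to a retrying close makes it worth settling: let only the process that writes to the TLS side send the close and have the other just shut down fd and exit, or coordinate the two halves before closing. serve's body begins before and continues after this hunk.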
@@ -74,7 +73,25 @@ serve(struct tls *ctx, int fd)
 if (nwrite == -1)
 break;
 }
- tls_close(ctx);
+ full_tls_close(ctx);
 shutdown(fd, SHUT_RDWR);
 }
 }
+
+int
+full_tls_close(struct tls *ctx)
+{
+ int ret;
+
+ while (1) {
+ ret = tls_close(ctx);
+ if (
+ ret == TLS_WANT_POLLIN ||
+ ret == TLS_WANT_POLLOUT
+ ) {
+ continue;
+ } else {
+ return ret;
+ }
+ }
+}
diff --git a/serve.h b/serve.h
@@ -1 +1,4 @@
-void serve(struct tls *cctx, int clientfd);
+#include <tls.h>
+
+void serve(struct tls *ctx, int clientfd);
+int full_tls_close(struct tls *ctx);
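Review bot: `full_tls_close` retries tls_close() on TLS_WANT_POLLIN/TLS_WANT_POLLOUT with a bare `continue`, and because it only receives the context it cannot poll the socket, so a peer that never drains the close_notify keeps the process in a hot loop for as long as the connection lives. Bound it — `for (int tries = 0; tries < CLOSE_RETRIES; tries++) { ret = tls_close(ctx); if (ret != TLS_WANT_POLLIN && ret != TLS_WANT_POLLOUT) return ret; }` followed by `return -1;` — or pass the socket in and poll on it between attempts. Every call site in this commit discards the return value, so state the contract above the definition: `/* Drive tls_close() past TLS_WANT_POLLIN/POLLOUT; returns tls_close()'s final result (0 on clean shutdown, -1 on error). */`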
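Review bot: serve.h now includes `<tls.h>` and exports a second function but still has no include guard; `<tls.h>` guards itself and repeated compatible prototypes are legal, but the header is now shared by main.c and serve.c, so wrap it in `#ifndef SERVE_H` / `#define SERVE_H` … `#endif` as a matter of convention. A one-line comment on the new prototype would also help callers, all of which currently ignore its result: `/* loops tls_close() past TLS_WANT_POLLIN/POLLOUT; returns its final result */`.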