experiments/clixon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fixed RESTCONF race conditions on SSL_shutdown sslerr ZERO_RETURN appears occasionally and exist.

Browse source
This commit is contained in:
Olof hagsand 2023-04-25 16:11:08 +02:00
parent 05da8ef3c1
commit 54dc7a9a57
3 changed files with 11 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -89,6 +89,7 @@ Developers may need to change their code
### Corrected Bugs ### Corrected Bugs
* Fixed RESTCONF race conditions on SSL_shutdown sslerr ZERO_RETURN appears occasionally and exist.
* Fixed: RESTCONF: some client cert failure leads to restconf exit. Instead close and continue * Fixed: RESTCONF: some client cert failure leads to restconf exit. Instead close and continue
## 6.1.0 ## 6.1.0

11
apps/restconf/restconf_native.c
View file

@ -570,7 +570,7 @@ read_ssl(restconf_conn *rc,
usleep(1000); usleep(1000);
*again = 1; *again = 1;
break; break;
case SSL_ERROR_ZERO_RETURN: case SSL_ERROR_ZERO_RETURN: /* 6 */
*np = 0; /* should already be zero */ *np = 0; /* should already be zero */
break; break;
default: default:
@ -1078,10 +1078,9 @@ restconf_close_ssl_socket(restconf_conn *rc,
(ret = SSL_shutdown(rc->rc_ssl)) < 0){ (ret = SSL_shutdown(rc->rc_ssl)) < 0){
er = errno; er = errno;
sslerr = SSL_get_error(rc->rc_ssl, ret); sslerr = SSL_get_error(rc->rc_ssl, ret);
clicon_debug(1, "%s errno:%d sslerr:%d", __FUNCTION__, er, sslerr); clicon_debug(1, "%s errno:%s(%d) sslerr:%d", __FUNCTION__, strerror(er), er, sslerr);
// case SSL_ERROR_ZERO_RETURN: /* 6 */ if (sslerr == SSL_ERROR_SSL || /* 1 */
// Note that in this case SSL_ERROR_ZERO_RETURN does not necessarily indicate that the underlying transport has been closed. sslerr == SSL_ERROR_ZERO_RETURN){ /* 6 */
if (sslerr == SSL_ERROR_SSL){ /* 1 */
} }
else if (sslerr == SSL_ERROR_SYSCALL){ /* 5 */ else if (sslerr == SSL_ERROR_SYSCALL){ /* 5 */
@ -1093,6 +1092,8 @@ restconf_close_ssl_socket(restconf_conn *rc,
/* Ignore eg EBADF/ECONNRESET/EPIPE */ /* Ignore eg EBADF/ECONNRESET/EPIPE */
} }
else{ else{
/* To avoid close again in restconf_native_terminate */
rc->rc_s = -1;
clicon_err(OE_SSL, sslerr, "SSL_shutdown, %s err:%d %d", callfn, sslerr, er); clicon_err(OE_SSL, sslerr, "SSL_shutdown, %s err:%d %d", callfn, sslerr, er);
goto done; goto done;
} }

5
apps/restconf/restconf_nghttp2.c
View file

@ -180,7 +180,10 @@ session_send_callback(nghttp2_session *session,
if ((len = SSL_write(rc->rc_ssl, buf+totlen, buflen-totlen)) <= 0){ if ((len = SSL_write(rc->rc_ssl, buf+totlen, buflen-totlen)) <= 0){
er = errno; er = errno;
sslerr = SSL_get_error(rc->rc_ssl, len); sslerr = SSL_get_error(rc->rc_ssl, len);
clicon_debug(1, "%s errno:%d sslerr:%d", __FUNCTION__, er, sslerr); clicon_debug(1, "%s SSL_write: errno:%s(%d) sslerr:%d", __FUNCTION__,
strerror(er),
er,
sslerr);
switch (sslerr){ switch (sslerr){
case SSL_ERROR_WANT_WRITE: /* 3 */ case SSL_ERROR_WANT_WRITE: /* 3 */
clicon_debug(1, "%s write SSL_ERROR_WANT_WRITE", __FUNCTION__); clicon_debug(1, "%s write SSL_ERROR_WANT_WRITE", __FUNCTION__);