From 71fc85af0b929bfcaff784e8cc6e8ed4eb6a1f1b Mon Sep 17 00:00:00 2001
From: Olof hagsand
Date: Fri, 2 Sep 2022 19:43:05 +0200
Subject: [PATCH] restconf: removed try to reply on http on https error, fails on openssl 3 test: pipe background restconf to /dev/null
---
 apps/restconf/restconf_native.c | 7 ++-----
 test/lib.sh | 3 +--
 test/test_restconf.sh | 10 +++++++---
 3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/apps/restconf/restconf_native.c b/apps/restconf/restconf_native.c
index 165dd790..4563f9a9 100644
--- a/apps/restconf/restconf_native.c
+++ b/apps/restconf/restconf_native.c
@@ -409,6 +409,7 @@ native_buf_write(clicon_handle h,
 usleep(10000);
 continue;
 break;
+ // case EBADF: // XXX if this happens there is some larger error
 case ECONNRESET: /* Connection reset by peer */
 case EPIPE: /* Broken pipe */
 if (restconf_connection_close(h, s, rsock) < 0)
@@ -1159,11 +1160,6 @@ restconf_ssl_accept_client(clicon_handle h,
 switch (e){
 case SSL_ERROR_SSL: /* 1 */
 clicon_debug(1, "%s SSL_ERROR_SSL (non-ssl message on ssl socket)", __FUNCTION__);
-#if 1
- if (native_send_badrequest(h, rc->rc_s, NULL, "application/yang-data+xml",
- "protocolmalformed-messageThe plain HTTP request was sent to HTTPS port", rc->rc_socket) < 0)
- goto done;
-#endif
 SSL_free(rc->rc_ssl);
 rc->rc_ssl = NULL;
 if (restconf_connection_close(h, rc->rc_s, rc->rc_socket) < 0)
@@ -1274,6 +1270,7 @@ restconf_ssl_accept_client(clicon_handle h,
 * continue to http/1 or http/2 handling
 * @see restconf_connection_sanity
 */
+ }
 #endif
 #if 0 /* debug */
diff --git a/test/lib.sh b/test/lib.sh
index ba7ddf13..f0a6a615 100755
--- a/test/lib.sh
+++ b/test/lib.sh
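Review bot: The added `// case EBADF:` line in the errno switch of native_buf_write leaves a commented-out case label where the code should either handle the error or say in words why it does not. If EBADF can be seen here it would mean the descriptor was already closed, and possibly reused by another connection, which deserves an explicit log line rather than whatever the default branch does (that branch is not visible in this hunk). I would replace the line with a prose comment such as `/* EBADF is deliberately not handled: it would indicate a descriptor lifetime bug elsewhere */`, or add a real case that logs and returns an error. The switch and the function both start and end outside the hunk.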
@@ -569,7 +569,7 @@ function wait_backend(){
 function start_restconf(){
 # Start in background
 echo "sudo -u $wwwstartuser -s $clixon_restconf $RCLOG -D $DBG $*"
- sudo -u $wwwstartuser -s $clixon_restconf $RCLOG -D $DBG $* &
+ sudo -u $wwwstartuser -s $clixon_restconf $RCLOG -D $DBG $* /dev/null &
 if [ $? -ne 0 ]; then
 err1 "expected 0" "$?"
 fi
@@ -989,7 +989,6 @@ EOF
 # clixon tester read from file for large tests
 # Arguments:
 # - Command
-# - Expected retval
 # - Filename to pipe to stdin
 # - expected stdout outcome
 function expecteof_file(){
diff --git a/test/test_restconf.sh b/test/test_restconf.sh
index d1c13a8b..50218382 100755
--- a/test/test_restconf.sh
+++ b/test/test_restconf.sh
@@ -155,7 +155,7 @@ function testrun()
 new "start restconf daemon"
 # inline of start_restconf, cant make quotes to work
 echo "sudo -u $wwwstartuser -s $clixon_restconf $RCLOG -D $DBG -f $cfg -R $RESTCONFIG1"
- sudo -u $wwwstartuser -s $clixon_restconf $RCLOG -D $DBG -f $cfg -R "$RESTCONFIG1" &
+ sudo -u $wwwstartuser -s $clixon_restconf $RCLOG -D $DBG -f $cfg -R "$RESTCONFIG1" /dev/null &
 if [ $? -ne 0 ]; then
 err1 "expected 0" "$?"
 fi
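Review bot: The `if [ $? -ne 0 ]` check after the backgrounded `sudo ... &` line in start_restconf can never fire, because `$?` after `&` only reports that the job was launched. With the daemon's output now pointed at /dev/null, a restconf process that exits at startup leaves no trace at all. The inlined copy in testrun in test/test_restconf.sh has the same pattern. I would keep stderr in a log instead of discarding it, e.g. `... $DBG $* >/dev/null 2>>"$errlog" &` (`errlog` is a name made up for this note), and replace the dead check with a liveness probe after launch. As rendered on this page the added lines show a bare `/dev/null` with no redirection operator, so confirm the committed text redirects rather than passing `/dev/null` as an argument. Both function bodies continue outside the hunks.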
@@ -206,8 +206,12 @@ function testrun()
 expectpart "$(curl $CURLOPTS -X GET https://$addr:80/.well-known/host-meta 2>&1)" 35 #"wrong version number" # dependent on curl version
 else # see (1) http to https port in restconf_main_native.c
 new "Wrong proto=http on https port, expect bad request"
- expectpart "$(curl $CURLOPTS -X GET http://$addr:443/.well-known/host-meta)" 0 "HTTP/" "400"
- # expectpart "$(curl $CURLOPTS -X GET http://$addr:443/.well-known/host-meta 2>&1)" 56 "Connection reset by peer"
+ expectpart "$(curl $CURLOPTS -X GET http://$addr:443/.well-known/host-meta 2>&1)" 56 "Connection reset by peer"
+ # An effort to return an HTTP error on HTTPS socket, but it breaks other
+ # error cases, more stable is to just close the socket, but
+ # curl gets an error code instead, see ^
+# expectpart "$(curl $CURLOPTS -X GET http://$addr:443/.well-known/host-meta)" 0 "HTTP/" "400"
+ fi
 #------------------------------------------------------- HTTP/2 ONLY
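Review bot: The test title `new "Wrong proto=http on https port, expect bad request"` no longer matches the assertion under it, which now expects curl exit 56 and the text "Connection reset by peer"; I would rename it, e.g. `new "Wrong proto=http on https port, expect connection close"`. Matching on the message text also ties the test to curl's wording and probably to whether the close reaches the client as a reset. The neighbouring https-on-http case already comments out its text match as curl-version dependent, so asserting only the exit code here may be sturdier. The retained commented-out `expectpart ... 0 "HTTP/" "400"` line would read better as a sentence of prose in the comment above it than as dead code. testrun continues on both sides of the hunk.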