From: <st...@us...> - 2011-12-29 15:04:35
Revision: 6824 http://xymon.svn.sourceforge.net/xymon/?rev=6824&view=rev Author: storner Date: 2011-12-29 15:04:29 +0000 (Thu, 29 Dec 2011) Log Message: ----------- tcplib: On SSL connections, only call SSL_shutdown when a full connection close is happening. Modified Paths: -------------- trunk/lib/tcplib.c Modified: trunk/lib/tcplib.c =================================================================== --- trunk/lib/tcplib.c 2011-12-29 15:03:36 UTC (rev 6823) +++ trunk/lib/tcplib.c 2011-12-29 15:04:29 UTC (rev 6824) @@ -1277,11 +1277,14 @@ break; default: + /* Encrypted connections can only do a full close */ + if (!direction || (strcasecmp(direction, "rw") == 0)) { #ifdef HAVE_OPENSSL - if (conn->ssl) SSL_shutdown(conn->ssl); + if (conn->ssl) SSL_shutdown(conn->ssl); #endif - conn->connstate = CONN_CLOSING; - conn_cleanup(conn); + conn->connstate = CONN_CLOSING; + conn_cleanup(conn); + } } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
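Review bot: In the `default:` branch, a close request with direction "r" or "w" on an encrypted connection is now dropped without any trace, so a caller that asked for a half-close keeps a fully open TLS session and cannot tell. The comment should say so, e.g. `/* Encrypted connections can only do a full close; "r"/"w" requests are ignored and the socket stays open */`, and an `else` branch logging at INFO_DEBUG would make the skipped close visible when diagnosing connections that linger. The return value of `SSL_shutdown()` is also discarded, which is only safe if quiet shutdown is set on every context that reaches this path. The enclosing function starts outside the hunk.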
From: <st...@us...> - 2012-01-05 13:50:21
Revision: 6856 http://xymon.svn.sourceforge.net/xymon/?rev=6856&view=rev Author: storner Date: 2012-01-05 13:50:12 +0000 (Thu, 05 Jan 2012) Log Message: ----------- tcplib: Handle STARTTLS for servers Modified Paths: -------------- trunk/lib/tcplib.c Modified: trunk/lib/tcplib.c =================================================================== --- trunk/lib/tcplib.c 2012-01-05 13:47:56 UTC (rev 6855) +++ trunk/lib/tcplib.c 2012-01-05 13:50:12 UTC (rev 6856) @@ -397,6 +397,7 @@ #ifdef IPV4_SUPPORT ls = (tcpconn_t *)calloc(1, sizeof(tcpconn_t)); ls->connstate = ((sslhandling == CONN_SSL_YES) ? CONN_SSL_INIT : CONN_PLAINTEXT); + ls->sslhandling = sslhandling; ls->usercallback = usercallback; ls->family = AF_INET; ls->peersz = sizeof(struct sockaddr_in); @@ -415,6 +416,7 @@ #ifdef IPV6_SUPPORT ls = (tcpconn_t *)calloc(1, sizeof(tcpconn_t)); ls->connstate = ((sslhandling == CONN_SSL_YES) ? CONN_SSL_INIT : CONN_PLAINTEXT); + ls->sslhandling = sslhandling; ls->usercallback = usercallback; ls->family = AF_INET6; ls->peersz = sizeof(struct sockaddr_in6); @@ -511,6 +513,8 @@ const char *funcid = "try_ssl_starttls"; int sslresult; + conn_info(funcid, INFO_DEBUG, "Trying STARTTLS with %s\n", conn_print_address(conn)); + sslresult = SSL_do_handshake(conn->ssl); if (sslresult == 1) { conn->usercallback(conn, CONN_CB_SSLHANDSHAKE_OK, conn->userdata); 
@@ -547,15 +551,22 @@ { const char *funcid = "conn_starttls"; + conn_info(funcid, INFO_DEBUG, "Initiating STARTTLS in %s mode\n", + (conn->sslhandling == CONN_SSL_STARTTLS_SERVER) ? "server" : "client"); + #ifdef HAVE_OPENSSL - if (!conn->ssl) { - conn_info(funcid, INFO_ERROR, "starttls failed, SSL certificate not prepared\n"); - return 1; - } - switch (conn->sslhandling) { case CONN_SSL_STARTTLS_SERVER: - SSL_set_accept_state(conn->ssl); + if (serverctx) { + conn->ctx = NULL; /* NULL, because we dont want it freed in case of an error */ + conn->ssl = SSL_new(serverctx); + SSL_set_accept_state(conn->ssl); + } + else { + conn_info(funcid, INFO_ERROR, + "starttls failed, SSL certificate not prepared\n"); + return 1; + } break; case CONN_SSL_STARTTLS_CLIENT: SSL_set_connect_state(conn->ssl); @@ -595,6 +606,7 @@ newconn = (tcpconn_t *)calloc(1, sizeof(tcpconn_t)); newconn->connstate = ls->connstate; + newconn->sslhandling = ls->sslhandling; newconn->usercallback = ls->usercallback; newconn->family = ls->family; newconn->peer = (struct sockaddr *)malloc(sin_len); @@ -942,6 +954,9 @@ if (FD_ISSET(walk->sock, fdread)) { cbres = walk->usercallback(walk, CONN_CB_READ, walk->userdata); if (walk->connstate == CONN_DEAD) continue; + + if (cbres == CONN_CBRESULT_STARTTLS) + conn_starttls(walk); } if (FD_ISSET(walk->sock, fdwrite)) { @@ -1095,11 +1110,10 @@ enum conn_cbresult_t (*usercallback)(tcpconn_t *, enum conn_callback_t, void *)) { static char *funcid = "conn_init_server"; + int sslavailable = 0; signal(SIGPIPE, SIG_IGN); /* socket I/O needs to ignore SIGPIPE */ - if (portnumber) conn_listen(portnumber, backlog, 0, local4, local6, usercallback); - #ifdef HAVE_OPENSSL SSL_load_error_strings(); SSL_library_init(); 
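Review bot: In the `CONN_SSL_STARTTLS_SERVER` case of `conn_starttls` the result of `SSL_new(serverctx)` is passed straight to `SSL_set_accept_state()`, and the commit removes the earlier `if (!conn->ssl)` guard, so an allocation failure on the server path or an unprepared `conn->ssl` on the `CONN_SSL_STARTTLS_CLIENT` path now reaches OpenSSL as a NULL pointer. Keep a guard after `SSL_new()` in the server case and at the top of the client case: `if (!conn->ssl) { conn_info(funcid, INFO_ERROR, "starttls failed, SSL object not available\n"); return 1; }`. An existing `conn->ssl` would also be overwritten without being freed if STARTTLS can be triggered twice on one connection; that depends on callback behaviour not shown here. The same unchecked `SSL_new()` is carried into the rev 6859 rework of this function further down the page.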
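Review bot: The return value of `conn_starttls(walk)` is dropped in the read branch (hunk at -942), so when the upgrade fails (it returns 1 on every error path visible in this commit) the connection stays in its plaintext state and keeps being serviced. A peer that requested TLS should not be left talking cleartext; close instead, e.g. `if ((cbres == CONN_CBRESULT_STARTTLS) && (conn_starttls(walk) != 0)) walk->connstate = CONN_CLOSING;`. It is also worth documenting at this call that the user callback must have discarded any bytes it read beyond the STARTTLS request, otherwise data sent before the handshake could later be handled as if it had arrived inside the TLS session. The enclosing loop starts and ends outside the hunk.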
@@ -1108,25 +1122,31 @@ SSL_CTX_set_options(serverctx, (SSL_OP_NO_SSLv2 | SSL_OP_ALL)); SSL_CTX_set_quiet_shutdown(serverctx, 1); - if (sslportnumber && (try_ssl_certload(serverctx, certfn, keyfn) == 0)) { - if (rootcafn) { - int mode = SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE; + if (certfn) { + sslavailable = (try_ssl_certload(serverctx, certfn, keyfn) == 0); + if (!sslavailable) { + conn_info(funcid, INFO_INFO, "No server certificate - disabling SSL connections\n"); + } + } - conn_info(funcid, INFO_INFO, "Enabled client certificate verification\n"); + if (sslavailable && rootcafn) { + int mode = SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE; - if (requireclientcert) mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; + conn_info(funcid, INFO_INFO, "Enabled client certificate verification\n"); - if (SSL_CTX_load_verify_locations(serverctx, rootcafn, NULL) != 1) - conn_info(funcid, INFO_WARN, "Cannot open rootca file %s\n", rootcafn); - else { - SSL_CTX_set_client_CA_list(serverctx, SSL_load_client_CA_file(rootcafn)); - SSL_CTX_set_verify(serverctx, mode, NULL); - } + if (requireclientcert) mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; + + if (SSL_CTX_load_verify_locations(serverctx, rootcafn, NULL) != 1) + conn_info(funcid, INFO_WARN, "Cannot open rootca file %s\n", rootcafn); + else { + SSL_CTX_set_client_CA_list(serverctx, SSL_load_client_CA_file(rootcafn)); + SSL_CTX_set_verify(serverctx, mode, NULL); } - - conn_listen(sslportnumber, backlog, 1, local4, local6, usercallback); } #endif + + if (portnumber) conn_listen(portnumber, backlog, (sslavailable ? CONN_SSL_STARTTLS_SERVER : CONN_SSL_NO), local4, local6, usercallback); + if (sslavailable && sslportnumber) conn_listen(sslportnumber, backlog, CONN_SSL_YES, local4, local6, usercallback); } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
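Review bot: Client-certificate verification fails open in the `sslavailable && rootcafn` block: when `SSL_CTX_load_verify_locations()` fails, only an INFO_WARN line is written, `SSL_CTX_set_verify()` is never called, and the SSL listener is still opened, so a server configured with `requireclientcert` accepts unauthenticated TLS clients. The "Enabled client certificate verification" message is also logged before the CA file has been loaded, so the log claims verification is on in exactly that case. I would treat a CA load failure as fatal for the TLS listeners and log the success message only after `SSL_CTX_set_verify()`. The certificate-load failure a few lines up deserves more than INFO_INFO for the same reason, since it silently turns a TLS-configured server into a plaintext-only one.

```c
if (sslavailable && rootcafn) {
	/* … unchanged: mode = SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, requireclientcert handling … */

	if (SSL_CTX_load_verify_locations(serverctx, rootcafn, NULL) != 1) {
		conn_info(funcid, INFO_ERROR, "Cannot open rootca file %s - disabling SSL connections\n", rootcafn);
		sslavailable = 0;	/* never serve TLS with verification silently off */
	}
	else {
		/* … unchanged: SSL_CTX_set_client_CA_list(), SSL_CTX_set_verify() … */
		conn_info(funcid, INFO_INFO, "Enabled client certificate verification\n");
	}
}
```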
From: <st...@us...> - 2012-01-07 10:42:59
Revision: 6859 http://xymon.svn.sourceforge.net/xymon/?rev=6859&view=rev Author: storner Date: 2012-01-07 10:42:52 +0000 (Sat, 07 Jan 2012) Log Message: ----------- sendmsg lib: Implement STARTTLS on client side. Fix portnumber selection. Modified Paths: -------------- trunk/lib/tcplib.c Modified: trunk/lib/tcplib.c =================================================================== --- trunk/lib/tcplib.c 2012-01-05 20:37:03 UTC (rev 6858) +++ trunk/lib/tcplib.c 2012-01-07 10:42:52 UTC (rev 6859) @@ -76,6 +76,24 @@ "Cleanup" }; +char *conn_state_names[CONN_DEAD+1] = { + "Plaintext", + "SSL init", + "SSL connecting", + "Plaintext connecting", + "SSL accept read", + "SSL accept write", + "SSL connect read", + "SSL connect write", + "SSL starttls read", + "SSL starttls write", + "SSL read", + "SSL write", + "SSL user ready", + "Closing", + "Dead", +}; + void conn_register_infohandler(void (*cb)(time_t, const char *id, char *msg), enum infolevel_t level) { userinfo = cb; @@ -442,6 +460,8 @@ const char *funcid = "try_ssl_accept"; int sslresult; + conn->connstate = CONN_SSL_INIT; + sslresult = SSL_accept(conn->ssl); if (sslresult == 1) { conn->usercallback(conn, CONN_CB_SSLHANDSHAKE_OK, conn->userdata); @@ -475,6 +495,8 @@ const char *funcid = "try_ssl_connect"; int sslresult; + conn->connstate = CONN_SSL_INIT; + sslresult = SSL_connect(conn->ssl); if (sslresult == 1) { conn->usercallback(conn, CONN_CB_SSLHANDSHAKE_OK, conn->userdata); @@ -512,10 +534,12 @@ #ifdef HAVE_OPENSSL const char *funcid = "try_ssl_starttls"; int sslresult; + char sslerrmsg[256]; - conn_info(funcid, INFO_DEBUG, "Trying STARTTLS with %s\n", conn_print_address(conn)); + conn->connstate = CONN_SSL_INIT; sslresult = SSL_do_handshake(conn->ssl); + if (sslresult == 1) { conn->usercallback(conn, CONN_CB_SSLHANDSHAKE_OK, conn->userdata); conn->connstate = CONN_SSL_READY; 
@@ -525,7 +549,8 @@ /* SSL handshake failed */ conn->usercallback(conn, CONN_CB_SSLHANDSHAKE_FAILED, conn->userdata); SSL_get_error(conn->ssl, sslresult); - conn_info(funcid, INFO_ERROR, "SSL connection failed to %s\n", conn_print_address(conn)); + ERR_error_string(ERR_get_error(), sslerrmsg); + conn_info(funcid, INFO_ERROR, "SSL connection failed to %s: %s\n", conn_print_address(conn), sslerrmsg); conn->connstate = CONN_CLOSING; } else if (sslresult == -1) { @@ -555,18 +580,29 @@ (conn->sslhandling == CONN_SSL_STARTTLS_SERVER) ? "server" : "client"); #ifdef HAVE_OPENSSL - switch (conn->sslhandling) { - case CONN_SSL_STARTTLS_SERVER: + /* The SSL ctx and ssl settings have been setup when the socket was created */ + if (conn->sslhandling == CONN_SSL_STARTTLS_SERVER) { if (serverctx) { conn->ctx = NULL; /* NULL, because we dont want it freed in case of an error */ conn->ssl = SSL_new(serverctx); - SSL_set_accept_state(conn->ssl); } else { conn_info(funcid, INFO_ERROR, "starttls failed, SSL certificate not prepared\n"); return 1; } + } + + if (SSL_set_fd(conn->ssl, conn->sock) != 1) { + char sslerrmsg[256]; + ERR_error_string(ERR_get_error(), sslerrmsg); + conn_info(funcid, INFO_ERROR, "starttls failed for %s: %s\n", conn_print_address(conn), sslerrmsg); + return 1; + } + + switch (conn->sslhandling) { + case CONN_SSL_STARTTLS_SERVER: + SSL_set_accept_state(conn->ssl); break; case CONN_SSL_STARTTLS_CLIENT: SSL_set_connect_state(conn->ssl); @@ -576,14 +612,6 @@ return 1; } - /* The SSL ctx and ssl settings have been setup when the socket was created */ - if (SSL_set_fd(conn->ssl, conn->sock) != 1) { - char sslerrmsg[256]; - ERR_error_string(ERR_get_error(), sslerrmsg); - conn_info(funcid, INFO_ERROR, "starttls failed for %s: %s\n", conn_print_address(conn), sslerrmsg); - return 1; - } - try_ssl_starttls(conn); return 0; #else 
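Review bot: On the handshake-failed path of `try_ssl_starttls` the value of `SSL_get_error(conn->ssl, sslresult)` is thrown away and the message is taken from `ERR_get_error()` instead, which returns whatever is oldest on the thread's error queue and may belong to an earlier connection. Call `ERR_clear_error()` before `SSL_do_handshake()` and log the `SSL_get_error()` result alongside the queue text so the reported reason matches this handshake. `ERR_error_string_n(ERR_get_error(), sslerrmsg, sizeof(sslerrmsg))` is the bounded form and removes the dependency on the buffer being at least 256 bytes. The function body continues outside the hunk.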
@@ -617,6 +645,9 @@ return NULL; } + /* Make the new socket non-blocking */ + fcntl(newconn->sock, F_SETFL, O_NONBLOCK); + switch (newconn->family) { #ifdef IPV4_SUPPORT case AF_INET: @@ -868,6 +899,8 @@ */ int conn_fdset(fd_set *fdread, fd_set *fdwrite) { + const char *funcid = "conn_fdset"; + int maxfd, wantread, wantwrite; tcpconn_t *walk; @@ -879,7 +912,6 @@ for (walk = conns; (walk); walk = walk->next) { switch (walk->connstate) { - case CONN_SSL_INIT: case CONN_CLOSING: case CONN_DEAD: break; @@ -895,6 +927,18 @@ } break; + case CONN_SSL_INIT: + /* + * Starting an SSL handshake, we want to read or write data. + * + * NOTE: This really should not happen, since all SSL I/O + * operations explicitly call try_ssl_X(), which invokes the + * SSL I/O operation and then changes state to CONN_SSL_X_READ/WRITE + */ + add_fd(walk->sock, fdread, &maxfd); + add_fd(walk->sock, fdwrite, &maxfd); + break; + case CONN_SSL_ACCEPT_READ: case CONN_SSL_CONNECT_READ: case CONN_SSL_STARTTLS_READ: This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
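Review bot: The added `fcntl(newconn->sock, F_SETFL, O_NONBLOCK)` ignores its return value and replaces the descriptor's flag word instead of adding to it. If the call fails, the accepted socket stays blocking, and a peer that stalls during the TLS handshake or a read can then hold up the loop that services the other connections (presumably the select loop fed by `conn_fdset`). Read the flags first and act on failure: `int fl = fcntl(newconn->sock, F_GETFL, 0);` then `if ((fl == -1) || (fcntl(newconn->sock, F_SETFL, fl | O_NONBLOCK) == -1))` log with `conn_info()` and drop the connection. The enclosing accept routine starts outside the hunk.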
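Review bot: Registering a `CONN_SSL_INIT` socket in `fdwrite` (hunk at -895) means select() will report it ready almost immediately, so if a connection ever does sit in this state the loop will spin rather than wait, unless the processing side advances the state; that code is not in this hunk. Since the comment says this should not happen, record it when it does: `conn_info(funcid, INFO_DEBUG, "Connection in SSL_INIT state at select time\n");`. That would also give the `funcid` added at the top of `conn_fdset()` a use, as no other visible hunk references it.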
From: <st...@us...> - 2012-01-08 16:00:45
Revision: 6869 http://xymon.svn.sourceforge.net/xymon/?rev=6869&view=rev Author: storner Date: 2012-01-08 16:00:39 +0000 (Sun, 08 Jan 2012) Log Message: ----------- tcplib: Missing initialisation for time-operations made valgrind complain Modified Paths: -------------- trunk/lib/tcplib.c Modified: trunk/lib/tcplib.c =================================================================== --- trunk/lib/tcplib.c 2012-01-08 15:59:51 UTC (rev 6868) +++ trunk/lib/tcplib.c 2012-01-08 16:00:39 UTC (rev 6869) @@ -234,6 +234,7 @@ if ((tstr[i] > '9') || (tstr[i] < '0')) return 0; } + memset(&tm, 0, sizeof(tm)); gmt = (tstr[tslen-1] == 'Z') ? 1 : 0; if (tslen >= 14) { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <st...@us...> - 2012-01-10 17:00:42
Revision: 6881 http://xymon.svn.sourceforge.net/xymon/?rev=6881&view=rev Author: storner Date: 2012-01-10 17:00:36 +0000 (Tue, 10 Jan 2012) Log Message: ----------- tcplib: Move SSL initialisation into separate routine, and make sure it only happens once. Bail out if SSL_CTX_new fails to create a client SSL context. Modified Paths: -------------- trunk/lib/tcplib.c Modified: trunk/lib/tcplib.c =================================================================== --- trunk/lib/tcplib.c 2012-01-10 16:59:21 UTC (rev 6880) +++ trunk/lib/tcplib.c 2012-01-10 17:00:36 UTC (rev 6881) @@ -94,6 +94,22 @@ "Dead", }; +static void conn_ssllibrary_init(void) +{ + static haverun = 0; + + if (haverun) return; + + haverun = 1; + +#ifdef HAVE_OPENSSL + SSL_load_error_strings(); + SSL_library_init(); + OpenSSL_add_all_algorithms(); + conn_info("conn_ssllibrary_init", INFO_DEBUG, "Library init done\n"); +#endif +} + void conn_register_infohandler(void (*cb)(time_t, const char *id, char *msg), enum infolevel_t level) { userinfo = cb; @@ -1164,9 +1180,8 @@ signal(SIGPIPE, SIG_IGN); /* socket I/O needs to ignore SIGPIPE */ #ifdef HAVE_OPENSSL - SSL_load_error_strings(); - SSL_library_init(); - OpenSSL_add_all_algorithms(); + conn_ssllibrary_init(); + serverctx = SSL_CTX_new(SSLv23_server_method()); SSL_CTX_set_options(serverctx, (SSL_OP_NO_SSLv2 | SSL_OP_ALL)); SSL_CTX_set_quiet_shutdown(serverctx, 1); @@ -1206,11 +1221,7 @@ { signal(SIGPIPE, SIG_IGN); -#ifdef HAVE_OPENSSL - SSL_load_error_strings(); - SSL_library_init(); - OpenSSL_add_all_algorithms(); -#endif + conn_ssllibrary_init(); } 
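Review bot: In `conn_init_server` (hunk at -1164) the result of `SSL_CTX_new(SSLv23_server_method())` still goes unchecked into `SSL_CTX_set_options()` and `SSL_CTX_set_quiet_shutdown()`, while this same commit adds exactly that check for the client context. A NULL `serverctx` should be logged with the OpenSSL error text, as the client path now does, and the SSL setup and SSL listeners that follow skipped. Separately, `SSL_OP_NO_SSLv2 | SSL_OP_ALL` leaves SSLv3 enabled on this context; adding `SSL_OP_NO_SSLv3` is worth considering if no legacy peer depends on it. The function starts and ends outside the hunk.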
@@ -1356,6 +1367,16 @@ if (sslhandling != CONN_SSL_NO) { newconn->sslhandling = sslhandling; newconn->ctx = SSL_CTX_new(SSLv23_client_method()); + if (!newconn->ctx) { + char sslerrmsg[256]; + + ERR_error_string(ERR_get_error(), sslerrmsg); + conn_info(funcid, INFO_ERROR, "SSL_CTX_new failed: %s\n", sslerrmsg); + conn_cleanup(newconn); + free(newconn); + return NULL; + } + SSL_CTX_set_options(newconn->ctx, (SSL_OP_NO_SSLv2 | SSL_OP_ALL)); SSL_CTX_set_quiet_shutdown(newconn->ctx, 1); if (certfn) { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
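Review bot: The new failure path calls `conn_cleanup(newconn)` and then `free(newconn)`, whereas the accept path elsewhere in this file (visible in the rev 7237 hunk on this page) returns after `conn_cleanup(newconn)` alone. One of the two is wrong: if `conn_cleanup()` releases the structure or leaves it linked in the `conns` list, the extra `free()` here is a double free or leaves a dangling list entry; if it does not, the accept path leaks. `conn_cleanup()` is not shown, so this needs checking against its definition, and the ownership rule belongs in a comment at both call sites. `ERR_error_string_n(ERR_get_error(), sslerrmsg, sizeof(sslerrmsg))` would be the bounded call for the message.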
From: <st...@us...> - 2012-01-10 17:11:22
Revision: 6887 http://xymon.svn.sourceforge.net/xymon/?rev=6887&view=rev Author: storner Date: 2012-01-10 17:11:11 +0000 (Tue, 10 Jan 2012) Log Message: ----------- tcplib: Move conn_ssllibrary_init() to avoid forward declaration Modified Paths: -------------- trunk/lib/tcplib.c Modified: trunk/lib/tcplib.c =================================================================== --- trunk/lib/tcplib.c 2012-01-10 17:08:32 UTC (rev 6886) +++ trunk/lib/tcplib.c 2012-01-10 17:11:11 UTC (rev 6887) @@ -94,22 +94,6 @@ "Dead", }; -static void conn_ssllibrary_init(void) -{ - static haverun = 0; - - if (haverun) return; - - haverun = 1; - -#ifdef HAVE_OPENSSL - SSL_load_error_strings(); - SSL_library_init(); - OpenSSL_add_all_algorithms(); - conn_info("conn_ssllibrary_init", INFO_DEBUG, "Library init done\n"); -#endif -} - void conn_register_infohandler(void (*cb)(time_t, const char *id, char *msg), enum infolevel_t level) { userinfo = cb; @@ -141,6 +125,22 @@ } } +static void conn_ssllibrary_init(void) +{ + static int haverun = 0; + + if (haverun) return; + + haverun = 1; + +#ifdef HAVE_OPENSSL + SSL_load_error_strings(); + SSL_library_init(); + OpenSSL_add_all_algorithms(); + conn_info("conn_ssllibrary_init", INFO_DEBUG, "Library init done\n"); +#endif +} + void conn_getntimer(struct timespec *tp) { #if (_POSIX_TIMERS > 0) && defined(_POSIX_MONOTONIC_CLOCK) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <st...@us...> - 2013-04-22 08:22:42
Revision: 7193 http://sourceforge.net/p/xymon/code/7193 Author: storner Date: 2013-04-22 08:22:38 +0000 (Mon, 22 Apr 2013) Log Message: ----------- tcplib: Compile fixes for compiling without OpenSSL Modified Paths: -------------- trunk/lib/tcplib.c Modified: trunk/lib/tcplib.c =================================================================== --- trunk/lib/tcplib.c 2013-04-22 08:18:26 UTC (rev 7192) +++ trunk/lib/tcplib.c 2013-04-22 08:22:38 UTC (rev 7193) @@ -454,7 +454,9 @@ #ifdef IPV4_SUPPORT ls = (tcpconn_t *)calloc(1, sizeof(tcpconn_t)); ls->connstate = ((sslhandling == CONN_SSL_YES) ? CONN_SSL_INIT : CONN_PLAINTEXT); +#ifdef HAVE_OPENSSL ls->sslhandling = sslhandling; +#endif ls->usercallback = usercallback; ls->maxlifetime = maxlifetime; ls->family = AF_INET; @@ -474,11 +476,13 @@ #ifdef IPV6_SUPPORT ls = (tcpconn_t *)calloc(1, sizeof(tcpconn_t)); ls->connstate = ((sslhandling == CONN_SSL_YES) ? CONN_SSL_INIT : CONN_PLAINTEXT); +#ifdef HAVE_OPENSSL ls->sslhandling = sslhandling; +#endif ls->usercallback = usercallback; ls->maxlifetime = maxlifetime; ls->family = AF_INET6; - ls->peersz = sizeof(struct sockaddr_in6); + ls->peersz = sizeof(struct sockaddr) + sizeof(struct sockaddr_in6); ls->peer = (struct sockaddr *)calloc(1, ls->peersz); if (listen_port(ls, portnumber, backlog, local6) == -1) { conn_cleanup(ls); @@ -617,10 +621,10 @@ { const char *funcid = "conn_starttls"; +#ifdef HAVE_OPENSSL conn_info(funcid, INFO_DEBUG, "Initiating STARTTLS in %s mode\n", (conn->sslhandling == CONN_SSL_STARTTLS_SERVER) ? "server" : "client"); -#ifdef HAVE_OPENSSL /* The SSL ctx and ssl settings have been setup when the socket was created */ if (conn->sslhandling == CONN_SSL_STARTTLS_SERVER) { if (serverctx) { 
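Review bot: The IPv6 branch (hunk at -474) changes `ls->peersz` to `sizeof(struct sockaddr) + sizeof(struct sockaddr_in6)`, which is not a compile fix and is not mentioned in the log message. `peersz` no longer equals the size of any address structure, so any later use of it as an address length rather than a buffer size (none of which is visible here) would pass a wrong length, and the IPv4 branch keeps the exact `sizeof(struct sockaddr_in)`. If the intent is headroom for the peer buffer, `sizeof(struct sockaddr_storage)` states that directly; either way the reason needs a comment next to the assignment.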
@@ -675,7 +679,9 @@ newconn = (tcpconn_t *)calloc(1, sizeof(tcpconn_t)); newconn->connstate = ls->connstate; +#ifdef HAVE_OPENSSL newconn->sslhandling = ls->sslhandling; +#endif newconn->usercallback = ls->usercallback; newconn->maxlifetime = ls->maxlifetime; newconn->family = ls->family; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <st...@us...> - 2013-07-28 15:14:36
Revision: 7237 http://sourceforge.net/p/xymon/code/7237 Author: storner Date: 2013-07-28 15:14:33 +0000 (Sun, 28 Jul 2013) Log Message: ----------- tcplib: Dont barf when accept() is interrupted Modified Paths: -------------- trunk/lib/tcplib.c Modified: trunk/lib/tcplib.c =================================================================== --- trunk/lib/tcplib.c 2013-07-28 15:13:49 UTC (rev 7236) +++ trunk/lib/tcplib.c 2013-07-28 15:14:33 UTC (rev 7237) @@ -689,7 +689,7 @@ newconn->sock = accept(ls->sock, newconn->peer, &sin_len); if (newconn->sock == -1) { conn_cleanup(newconn); - conn_info(funcid, INFO_WARN, "accept failed (%s)\n", strerror(errno)); + if ((errno != EAGAIN) && (errno != EINTR)) conn_info(funcid, INFO_WARN, "accept failed (%d: %s)\n", errno, strerror(errno)); return NULL; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
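Review bot: `errno` is read after `conn_cleanup(newconn)` has run, so both the new `EAGAIN`/`EINTR` test and the logged `strerror(errno)` may see a value set by whatever the cleanup calls rather than by `accept()`. Save it first with `int acc_errno = errno;` as the first statement inside the `newconn->sock == -1` branch, then test and print `acc_errno`. `EWOULDBLOCK` and `ECONNABORTED` are the other results a non-blocking listener normally treats as non-events. The enclosing function starts outside the hunk.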
From: <st...@us...> - 2013-07-29 15:28:39
Revision: 7241 http://sourceforge.net/p/xymon/code/7241 Author: storner Date: 2013-07-29 15:28:35 +0000 (Mon, 29 Jul 2013) Log Message: ----------- tcplib: Dont try working on dead sockets Modified Paths: -------------- trunk/lib/tcplib.c Modified: trunk/lib/tcplib.c =================================================================== --- trunk/lib/tcplib.c 2013-07-29 04:26:20 UTC (rev 7240) +++ trunk/lib/tcplib.c 2013-07-29 15:28:35 UTC (rev 7241) @@ -1043,6 +1043,7 @@ for (walk = conns; (walk); walk = walk->next) { enum conn_cbresult_t cbres = CONN_CBRESULT_OK; + if (walk->connstate == CONN_DEAD) continue; if (FD_ISSET(walk->sock, fdread)) { cbres = walk->usercallback(walk, CONN_CB_READ, walk->userdata); if (walk->connstate == CONN_DEAD) continue; @@ -1051,6 +1052,7 @@ conn_starttls(walk); } + if (walk->connstate == CONN_DEAD) continue; if (FD_ISSET(walk->sock, fdwrite)) { switch (walk->connstate) { case CONN_PLAINTEXT_CONNECTING: This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
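Review bot: The second `if (walk->connstate == CONN_DEAD) continue;` sits after the read block, where the only step not already followed by the same test is `conn_starttls(walk)`; a short comment such as `/* conn_starttls() may have closed the connection */` would keep it from being removed as redundant. Both guards test only `CONN_DEAD`, so a connection left in `CONN_CLOSING` still reaches `FD_ISSET(walk->sock, ...)`; whether its descriptor is still valid at that point is not visible in the hunk and is worth confirming. The loop body continues outside the hunk.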
From: <st...@us...> - 2013-08-10 11:37:12
Revision: 7268 http://sourceforge.net/p/xymon/code/7268 Author: storner Date: 2013-08-10 11:37:09 +0000 (Sat, 10 Aug 2013) Log Message: ----------- tcplib: Dont crash when SSL connection has no dialog (e.g. SSL port check) Modified Paths: -------------- trunk/lib/tcplib.c Modified: trunk/lib/tcplib.c =================================================================== --- trunk/lib/tcplib.c 2013-08-10 11:34:30 UTC (rev 7267) +++ trunk/lib/tcplib.c 2013-08-10 11:37:09 UTC (rev 7268) @@ -551,8 +551,12 @@ sslresult = SSL_connect(conn->ssl); if (sslresult == 1) { conn->usercallback(conn, CONN_CB_SSLHANDSHAKE_OK, conn->userdata); - conn->connstate = CONN_SSL_READY; - conn_info(funcid, INFO_INFO, "SSL connection established with %s\n", conn_print_address(conn)); + + if (conn->connstate != CONN_DEAD) { + /* connstate may be CONN_DEAD for connections that have no data exchange, ie. the connection is closed immediately */ + conn->connstate = CONN_SSL_READY; + conn_info(funcid, INFO_INFO, "SSL connection established with %s\n", conn_print_address(conn)); + } } else if (sslresult == 0) { /* SSL connect failed */ This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
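Review bot: The new guard in `try_ssl_connect` only excludes `CONN_DEAD`, so a callback that leaves the connection in `CONN_CLOSING` would still have it switched back to `CONN_SSL_READY`; if that state can occur here, test for both, `if ((conn->connstate != CONN_DEAD) && (conn->connstate != CONN_CLOSING))`. The same callback-then-assign sequence appears in `try_ssl_starttls` as shown in the rev 6859 hunk on this page, and presumably in `try_ssl_accept`, so those paths likely need the same guard unless a later revision added it. The guard also assumes the callback never frees `conn` itself, which is worth stating in the comment.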