|
Andreas Thienemann |
074524 |
|
|
Andreas Thienemann |
074524 |
This patch should fix the spurious connection drops that fail jobs
|
|
Andreas Thienemann |
074524 |
as reported in bug #888.
|
|
Andreas Thienemann |
074524 |
Apply it to version 2.0.3 (possibly earlier versions of 2.0) with:
|
|
Andreas Thienemann |
074524 |
|
|
Andreas Thienemann |
074524 |
cd <bacula-source>
|
|
Andreas Thienemann |
074524 |
patch -p0 <2.0.3-tls-disconnect.patch
|
|
Andreas Thienemann |
074524 |
make
|
|
Andreas Thienemann |
074524 |
...
|
|
Andreas Thienemann |
074524 |
make install
|
|
Andreas Thienemann |
074524 |
|
|
Andreas Thienemann |
074524 |
Index: src/lib/tls.c
|
|
Andreas Thienemann |
074524 |
===================================================================
|
|
Andreas Thienemann |
074524 |
--- src/lib/tls.c (revision 4668)
|
|
Andreas Thienemann |
074524 |
+++ src/lib/tls.c (working copy)
|
|
Andreas Thienemann |
074524 |
@@ -540,14 +540,6 @@
|
|
Andreas Thienemann |
074524 |
* The first time to initiate the shutdown handshake, and the second to
|
|
Andreas Thienemann |
074524 |
* receive the peer's reply.
|
|
Andreas Thienemann |
074524 |
*
|
|
Andreas Thienemann |
074524 |
- * However, it is valid to close the SSL connection after the initial
|
|
Andreas Thienemann |
074524 |
- * shutdown notification is sent to the peer, without waiting for the
|
|
Andreas Thienemann |
074524 |
- * peer's reply, as long as you do not plan to re-use that particular
|
|
Andreas Thienemann |
074524 |
- * SSL connection object.
|
|
Andreas Thienemann |
074524 |
- *
|
|
Andreas Thienemann |
074524 |
- * Because we do not re-use SSL connection objects, I do not bother
|
|
Andreas Thienemann |
074524 |
- * calling SSL_shutdown a second time.
|
|
Andreas Thienemann |
074524 |
- *
|
|
Andreas Thienemann |
074524 |
* In addition, if the underlying socket is blocking, SSL_shutdown()
|
|
Andreas Thienemann |
074524 |
* will not return until the current stage of the shutdown process has
|
|
Andreas Thienemann |
074524 |
* completed or an error has occured. By setting the socket blocking
|
|
Andreas Thienemann |
074524 |
@@ -560,6 +552,10 @@
|
|
Andreas Thienemann |
074524 |
flags = bnet_set_blocking(bsock);
|
|
Andreas Thienemann |
074524 |
|
|
Andreas Thienemann |
074524 |
err = SSL_shutdown(bsock->tls->openssl);
|
|
Andreas Thienemann |
074524 |
+ if (err == 0) {
|
|
Andreas Thienemann |
074524 |
+ /* Finish up the closing */
|
|
Andreas Thienemann |
074524 |
+ err = SSL_shutdown(bsock->tls->openssl);
|
|
Andreas Thienemann |
074524 |
+ }
|
|
Andreas Thienemann |
074524 |
|
|
Andreas Thienemann |
074524 |
switch (SSL_get_error(bsock->tls->openssl, err)) {
|
|
Andreas Thienemann |
074524 |
case SSL_ERROR_NONE:
|
|
Andreas Thienemann |
074524 |
@@ -574,8 +570,6 @@
|
|
Andreas Thienemann |
074524 |
break;
|
|
Andreas Thienemann |
074524 |
}
|
|
Andreas Thienemann |
074524 |
|
|
Andreas Thienemann |
074524 |
- /* Restore saved flags */
|
|
Andreas Thienemann |
074524 |
- bnet_restore_blocking(bsock, flags);
|
|
Andreas Thienemann |
074524 |
}
|
|
Andreas Thienemann |
074524 |
|
|
Andreas Thienemann |
074524 |
/* Does all the manual labor for tls_bsock_readn() and tls_bsock_writen() */
|