Changeset 401a0de in mod_gnutls


Ignore:
Timestamp:
Nov 18, 2015, 2:39:08 PM (2 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
master, debian, jessie-backports, upstream
Children:
2ceb836
Parents:
d6a575c
git-author:
Thomas Klute <thomas2.klute@…> (11/18/15 14:10:27)
git-committer:
Thomas Klute <thomas2.klute@…> (11/18/15 14:39:08)
Message:

Close TLS session on EOF in input filter

If the input filter receives an EOF, the connection should be closed
and it resources released. The code for this can be shared with the
session shutdown code in the output filter, so it is moved to a
separate function.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • src/gnutls_io.c

    rf5a36ee r401a0de  
    496496}
    497497
     498
     499
     500/**
     501 * Close the TLS session associated with the given connection
     502 * structure and free its resources
     503 */
     504static int mgs_bye(mgs_handle_t* ctxt)
     505{
     506    int ret = GNUTLS_E_SUCCESS;
     507    /* End Of Connection */
     508    if (ctxt->session != NULL)
     509    {
     510        /* Try A Clean Shutdown */
     511        do {
     512            ret = gnutls_bye(ctxt->session, GNUTLS_SHUT_WR);
     513        } while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
     514        if (ret != GNUTLS_E_SUCCESS)
     515            ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, ctxt->c,
     516                          "%s: Error while closing TLS %sconnection: "
     517                          "'%s' (%d)",
     518                          __func__, IS_PROXY_STR(ctxt),
     519                          gnutls_strerror(ret), (int) ret);
     520        else
     521            ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, ctxt->c,
     522                          "%s: TLS %sconnection closed.",
     523                          __func__, IS_PROXY_STR(ctxt));
     524        /* De-Initialize Session */
     525        gnutls_deinit(ctxt->session);
     526        ctxt->session = NULL;
     527    }
     528    return ret;
     529}
     530
     531
     532
    498533apr_status_t mgs_filter_input(ap_filter_t * f,
    499534        apr_bucket_brigade * bb,
     
    564599        if ((block == APR_NONBLOCK_READ) && (status == APR_EINTR))
    565600            return APR_EAGAIN;
     601
     602        /* Close TLS session and free resources on EOF,
     603         * gnutls_io_filter_error will add an EOS bucket */
     604        if (status == APR_EOF)
     605            mgs_bye(ctxt);
    566606
    567607        return gnutls_io_filter_error(f, bb, status);
     
    648688            apr_bucket_delete(bucket);
    649689        } else if (AP_BUCKET_IS_EOC(bucket)) {
    650             /* End Of Connection */
    651             if (ctxt->session != NULL) {
    652                 /* Try A Clean Shutdown */
    653                 do {
    654                     ret = gnutls_bye(ctxt->session, GNUTLS_SHUT_WR);
    655                 } while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
    656                 if (ret != GNUTLS_E_SUCCESS)
    657                     ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, ctxt->c,
    658                                   "%s: Error while closing TLS %sconnection: "
    659                                   "'%s' (%d)",
    660                                   __func__, IS_PROXY_STR(ctxt),
    661                                   gnutls_strerror(ret), (int) ret);
    662                 else
    663                     ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, ctxt->c,
    664                                   "%s: TLS %sconnection closed.",
    665                                   __func__, IS_PROXY_STR(ctxt));
    666                 /* De-Initialize Session */
    667                 gnutls_deinit(ctxt->session);
    668                 ctxt->session = NULL;
    669             }
     690            /* End Of Connection, close TLS session and free
     691             * resources */
     692            mgs_bye(ctxt);
    670693            /* cleanup! */
    671694            apr_bucket_delete(bucket);
Note: See TracChangeset for help on using the changeset viewer.