From dddbfab568d42e443f102d35c84432824cc59fee Mon Sep 17 00:00:00 2001 From: Laurent Bercot Date: Wed, 22 Mar 2017 21:37:30 +0000 Subject: Fix case where s6-tls[cd] would sometimes not detect an application and remain there forever with its zombie, both condemned to err in limbo for all eternity, the living and the dead, hand in hand --- doc/libsbearssl/index.html | 26 +++++++----- doc/libstls/index.html | 24 +++++++---- package/deps.mak | 13 +++--- src/include/s6-networking/sbearssl.h | 2 +- src/include/s6-networking/stls.h | 2 +- src/sbearssl/deps-lib/sbearssl | 2 +- src/sbearssl/sbearssl-internal.h | 2 +- src/sbearssl/sbearssl_clean_tls_and_spawn.c | 21 ---------- src/sbearssl/sbearssl_prep_spawn_drop.c | 35 ++++++++++++++++ src/sbearssl/sbearssl_run.c | 60 ++++++++++++++++++++------- src/sbearssl/sbearssl_s6tlsc.c | 29 +++++-------- src/sbearssl/sbearssl_s6tlsd.c | 34 ++++++---------- src/stls/deps-lib/stls | 2 +- src/stls/stls-internal.h | 2 +- src/stls/stls_clean_tls_and_spawn.c | 21 ---------- src/stls/stls_prep_spawn_drop.c | 35 ++++++++++++++++ src/stls/stls_run.c | 63 ++++++++++++++++++++++------- src/stls/stls_s6tlsc.c | 20 +++------ src/stls/stls_s6tlsd.c | 19 +++------ 19 files changed, 243 insertions(+), 169 deletions(-) delete mode 100644 src/sbearssl/sbearssl_clean_tls_and_spawn.c create mode 100644 src/sbearssl/sbearssl_prep_spawn_drop.c delete mode 100644 src/stls/stls_clean_tls_and_spawn.c create mode 100644 src/stls/stls_prep_spawn_drop.c diff --git a/doc/libsbearssl/index.html b/doc/libsbearssl/index.html index 1c797c7..20cdb06 100644 --- a/doc/libsbearssl/index.html +++ b/doc/libsbearssl/index.html @@ -473,23 +473,28 @@ i.e. a tai_t plus nanoseconds (which are simply ignored).

Running the TLS/SSL engine (both clients and servers)

-

int sbearssl_run (br_ssl_engine_context *ctx, int *fds, unsigned int verbosity, uint32_t options, tain_t const *tto)

+

int sbearssl_run (br_ssl_engine_context *ctx, int *fds, pid_t pid, unsigned int verbosity, uint32_t options, tain_t const *tto)

This function runs a full-duplex TLS/SSL engine, reading/writing clear text from/to two file descriptors, and writing/reading ciphertext to/from two other file descriptors, until the connection is closed both ways (either with a SSL close, or -with EOF). +with EOF) or a given subprocess dies.