From f7e676abdc799fcee5138807447b5e91ab05508f Mon Sep 17 00:00:00 2001 From: Laurent Bercot Date: Mon, 7 Dec 2020 12:53:54 +0000 Subject: Change -K semantics: timeout *during handshake*, not afterwards - the TLS tunnel itself should be transparent so it has no business shutting down the connection no matter how long the app takes - there's still an undetectable situation on some kernels where EOF doesn't get transmitted from the network, and the engine is in the handshake, and it can't do anything but wait forever. A timeout is useful here: dawg, your peer is never going to send any more data, you should just give up. - if the situation happens after the handshake, the *app* should have a timeout and die. The tunnel will follow suit. - libtls has a blocking tls_handshake() blackbox, we cannot give it a timeout. Too bad, use bearssl. --- src/tls/s6-tlsc-io.c | 3 ++- src/tls/s6-tlsd-io.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'src/tls') diff --git a/src/tls/s6-tlsc-io.c b/src/tls/s6-tlsc-io.c index f6a0210..8629a8d 100644 --- a/src/tls/s6-tlsc-io.c +++ b/src/tls/s6-tlsc-io.c @@ -31,7 +31,8 @@ static inline void doit (int *fds, tain_t const *tto, uint32_t preoptions, uint3 strerr_diefu1sys(111, "write post-handshake data") ; fd_close(notif) ; } - stls_run(ctx, fds, tto, options, verbosity) ; + (void)tto ; + stls_run(ctx, fds, options, verbosity) ; } #else diff --git a/src/tls/s6-tlsd-io.c b/src/tls/s6-tlsd-io.c index 75bd1e4..b6621dd 100644 --- a/src/tls/s6-tlsd-io.c +++ b/src/tls/s6-tlsd-io.c @@ -31,7 +31,8 @@ static inline void doit (int *fds, tain_t const *tto, uint32_t preoptions, uint3 strerr_diefu1sys(111, "write post-handshake data") ; fd_close(notif) ; } - stls_run(ctx, fds, tto, options, verbosity) ; + (void)tto ; + stls_run(ctx, fds, options, verbosity) ; } #else -- cgit v1.3.1