Merge branch 'master' of /opt/git/kore

2016-01-18 11:27:49 +01:00 · 2016-01-18 11:27:49 +01:00 · 96641d3caa
parent 0dcd6087cf 4706c9a2b4
commit 96641d3caa
2 changed files with 31 additions and 2 deletions
--- a/conf/kore.conf.example
+++ b/conf/kore.conf.example
@ -110,8 +110,7 @@ validator	v_session	function	v_session_validate
 # Specify the TLS ciphers that will be used.
 #tls_cipher	ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!kRSA:!kDSA

-# If you wish to use EDH / ECDH specify a file containing
-# a generated DH key (See OpenSSL dhparam).
+# Required DH parameters for TLS.
 #tls_dhparam	dh2048.pem

 # Authentication configuration
--- a/src/net.c
+++ b/src/net.c
@ -286,6 +286,19 @@ net_write_ssl(struct connection *c, int len, int *written)
 			c->snb->flags |= NETBUF_MUST_RESEND;
 			c->flags &= ~CONN_WRITE_POSSIBLE;
 			return (KORE_RESULT_OK);
+		case SSL_ERROR_SYSCALL:
+			switch (errno) {
+			case EINTR:
+				*written = 0;
+				return (KORE_RESULT_OK);
+			case EAGAIN:
+				c->snb->flags |= NETBUF_MUST_RESEND;
+				c->flags &= ~CONN_WRITE_POSSIBLE;
+				return (KORE_RESULT_OK);
+			default:
+				break;
+			}
+			/* FALLTHROUGH */
 		default:
 			kore_debug("SSL_write(): %s", ssl_errno_s);
 			return (KORE_RESULT_ERROR);
@ -314,6 +327,19 @@ net_read_ssl(struct connection *c, int *bytes)
 		case SSL_ERROR_WANT_WRITE:
 			c->flags &= ~CONN_READ_POSSIBLE;
 			return (KORE_RESULT_OK);
+		case SSL_ERROR_SYSCALL:
+			switch (errno) {
+			case EINTR:
+				*bytes = 0;
+				return (KORE_RESULT_OK);
+			case EAGAIN:
+				c->snb->flags |= NETBUF_MUST_RESEND;
+				c->flags &= ~CONN_WRITE_POSSIBLE;
+				return (KORE_RESULT_OK);
+			default:
+				break;
+			}
+			/* FALLTHROUGH */
 		default:
 			kore_debug("SSL_read(): %s", ssl_errno_s);
 			return (KORE_RESULT_ERROR);
@ -334,6 +360,8 @@ net_write(struct connection *c, int len, int *written)
 	if (r <= -1) {
 		switch (errno) {
 		case EINTR:
+			*written = 0;
+			return (KORE_RESULT_OK);
 		case EAGAIN:
 			c->flags &= ~CONN_WRITE_POSSIBLE;
 			return (KORE_RESULT_OK);
@ -357,6 +385,8 @@ net_read(struct connection *c, int *bytes)
 	if (r <= 0) {
 		switch (errno) {
 		case EINTR:
+			*bytes = 0;
+			return (KORE_RESULT_OK);
 		case EAGAIN:
 			c->flags &= ~CONN_READ_POSSIBLE;
 			return (KORE_RESULT_OK);