Commit 98b9d23d authored by deuce's avatar deuce
Browse files

Ignore "normal" errors from cryptlib (TIMEOUT, COMPLETE), and supress some

cause by Chromiums love of dropping a connection rather than an orderly
shutdown.

Since we're dealing with that fallout, lower the read timeout to 1 second
since we select() first anyway.
parent 97938dfc
......@@ -558,15 +558,21 @@ static int writebuf(http_session_t *session, const char *buf, size_t len)
return(sent);
}
#define HANDLE_CRYPT_CALL(status, session) handle_crypt_call(status, session, __FILE__, __LINE__)
#define HANDLE_CRYPT_CALL(status, session) handle_crypt_call_except2(status, session, CRYPT_OK, CRYPT_OK, __FILE__, __LINE__)
#define HANDLE_CRYPT_CALL_EXCEPT(status, ignore, session) handle_crypt_call_except2(status, session, ignore, ignore, __FILE__, __LINE__)
#define HANDLE_CRYPT_CALL_EXCEPT2(status, ignore, ignore2, session) handle_crypt_call_except2(status, session, ignore, ignore2, __FILE__, __LINE__)
static BOOL handle_crypt_call(int status, http_session_t *session, const char *file, int line)
static BOOL handle_crypt_call_except2(int status, http_session_t *session, int ignore, int ignore2, const char *file, int line)
{
char *estr = NULL;
int sock = 0;
if (status == CRYPT_OK)
return TRUE;
if (status == ignore)
return FALSE;
if (status == ignore2)
return FALSE;
if (session != NULL) {
if (session->is_tls)
estr = get_crypt_error(session->tls_sess);
......@@ -629,12 +635,16 @@ static int sess_sendbuf(http_session_t *session, const char *buf, size_t len, BO
status = cryptPushData(session->tls_sess, buf+sent, len-sent, &tls_sent);
if (status == CRYPT_ERROR_TIMEOUT) {
tls_sent = 0;
if(!cryptStatusOK(cryptPopData(session->tls_sess, "", 0, &status)))
lprintf(LOG_NOTICE,"%04d Cryptlib error popping data after timeout",session->socket);
if(!cryptStatusOK(status=cryptPopData(session->tls_sess, "", 0, &status))) {
if (status != CRYPT_ERROR_TIMEOUT && status != CRYPT_ERROR_PARAM2)
lprintf(LOG_NOTICE,"%04d Cryptlib error %d popping data after timeout",session->socket, status);
if (failed)
*failed=TRUE;
}
status = CRYPT_OK;
}
if(!HANDLE_CRYPT_CALL(status, session)) {
HANDLE_CRYPT_CALL(cryptFlushData(session->tls_sess), session);
HANDLE_CRYPT_CALL_EXCEPT(cryptFlushData(session->tls_sess), CRYPT_ERROR_COMPLETE, session);
if (failed)
*failed=TRUE;
return tls_sent;
......@@ -980,13 +990,21 @@ static int close_session_socket(http_session_t *session)
if (session->is_tls) {
// First, wait for the ringbuffer to drain...
len = 1;
while(RingBufFull(&session->outbuf) && session->socket!=INVALID_SOCKET) {
HANDLE_CRYPT_CALL(cryptPopData(session->tls_sess, buf, 1, &len), session);
if (len) {
if (cryptPopData(session->tls_sess, buf, 1, &len) != CRYPT_OK)
len = 0;
}
SLEEP(1);
}
// Now wait for tranmission to complete
len = 1;
while(pthread_mutex_trylock(&session->outbuf_write) == EBUSY) {
HANDLE_CRYPT_CALL(cryptPopData(session->tls_sess, buf, 1, &len), session);
if (len) {
if (cryptPopData(session->tls_sess, buf, 1, &len) != CRYPT_OK)
len = 0;
}
SLEEP(1);
}
pthread_mutex_unlock(&session->outbuf_write);
......@@ -1979,15 +1997,15 @@ static named_string_t** read_ini_list(char* path, char* section, char* desc
static int sess_recv(http_session_t *session, char *buf, size_t length, int flags)
{
int len;
int len=0;
if (session->is_tls) {
if (flags == MSG_PEEK) {
if (session->peeked_valid) {
buf[0] = session->peeked;
return 1;
}
if (HANDLE_CRYPT_CALL(cryptPopData(session->tls_sess, &session->peeked, 1, &len), session)) {
if (HANDLE_CRYPT_CALL_EXCEPT2(cryptPopData(session->tls_sess, &session->peeked, 1, &len), CRYPT_ERROR_TIMEOUT, CRYPT_ERROR_COMPLETE, session)) {
if (len == 1) {
session->peeked_valid = TRUE;
buf[0] = session->peeked;
......@@ -2003,9 +2021,10 @@ static int sess_recv(http_session_t *session, char *buf, size_t length, int flag
session->peeked_valid = FALSE;
return 1;
}
if (HANDLE_CRYPT_CALL(cryptPopData(session->tls_sess, buf, length, &len), session)) {
if (HANDLE_CRYPT_CALL_EXCEPT2(cryptPopData(session->tls_sess, buf, length, &len), CRYPT_ERROR_TIMEOUT, CRYPT_ERROR_COMPLETE, session)) {
if (len == 0) {
session->tls_pending = FALSE;
len = -1;
}
return len;
}
......@@ -6203,6 +6222,7 @@ void http_session_thread(void* arg)
setsockopt(session.socket,IPPROTO_TCP,TCP_NODELAY,(char*)&nodelay,sizeof(nodelay));
HANDLE_CRYPT_CALL(cryptSetAttribute(session.tls_sess, CRYPT_SESSINFO_NETWORKSOCKET, session.socket), &session);
HANDLE_CRYPT_CALL(cryptSetAttribute(session.tls_sess, CRYPT_OPTION_NET_READTIMEOUT, 1), &session);
if (!HANDLE_CRYPT_CALL(cryptSetAttribute(session.tls_sess, CRYPT_SESSINFO_ACTIVE, 1), &session)) {
close_session_no_rb(&session);
thread_down();
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment