author | Sergey Poznyakoff <gray@gnu.org> | 2021-08-21 22:47:09 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org> | 2021-08-21 22:47:09 +0300 |
commit | 97dc3a446cd782e8cc7bce9b2e11806f7f49e1a4 (patch) | |
tree | 7c95659488c0db68d44d78c0637fac2621591097 | |
parent | 5ac3e04ec5ad33e1bbc6ac2334f5990ef12f2bd3 (diff) | |
imap4d: Set timeouts for I/O operations during handshake
* imap4d/io.c (io_setio): Set I/O timeout for pull functions during
the handshake.
* libmu_auth/tls.c: Fix debugging output.
* libmu_auth/tlsiostr.c (_tls_io_read): Improve error diagnostics.
-rw-r--r-- | imap4d/io.c | 27 | ||||
-rw-r--r-- | libmu_auth/tls.c | 10 | ||||
-rw-r--r-- | libmu_auth/tlsiostr.c | 25 |
3 files changed, 54 insertions, 8 deletions
diff --git a/imap4d/io.c b/imap4d/io.c index 83375540c..0eea6e7bb 100644 --- a/imap4d/io.c +++ b/imap4d/io.c @@ -70,15 +70,32 @@ io_setio (int ifd, int ofd, struct mu_tls_config *tls_conf) /* Combine the two streams into an I/O one. */ if (tls_conf) { - int rc = mu_tls_stream_create (&str, istream, ostream, - tls_conf, - MU_TLS_SERVER, - 0); + int rc; + + /* Set timeouts for TLS handshake */ + struct timeval tv; + + tv.tv_sec = 10; + tv.tv_usec = 0; + mu_stream_ioctl (istream, MU_IOCTL_TIMEOUT, MU_IOCTL_OP_SET, &tv); + mu_stream_ioctl (ostream, MU_IOCTL_TIMEOUT, MU_IOCTL_OP_SET, &tv); + + rc = mu_tls_stream_create (&str, istream, ostream, + tls_conf, + MU_TLS_SERVER, + 0); if (rc) { mu_error (_("failed to create TLS stream: %s"), mu_strerror (rc)); imap4d_bye (ERR_STREAM_CREATE); } + + /* Reset timeouts */ + tv.tv_sec = 0; + tv.tv_usec = 0; + mu_stream_ioctl (istream, MU_IOCTL_TIMEOUT, MU_IOCTL_OP_SET, &tv); + mu_stream_ioctl (ostream, MU_IOCTL_TIMEOUT, MU_IOCTL_OP_SET, &tv); + log_cipher (str); } else if (mu_iostream_create (&str, istream, ostream)) @@ -638,7 +655,7 @@ check_input_err (int rc, size_t sz) p = mu_strerror (rc); mu_diag_output (MU_DIAG_INFO, - _("error reading from input file: %s"), p); + _("error reading from input stream: %s"), p); imap4d_bye (ERR_NO_IFILE); } } diff --git a/libmu_auth/tls.c b/libmu_auth/tls.c index 7db0982b6..1deb46128 100644 --- a/libmu_auth/tls.c +++ b/libmu_auth/tls.c @@ -92,7 +92,11 @@ _tls_stream_pull (gnutls_transport_ptr_t fd, void *buf, size_t size) ; if (rc) - return -1; + { + mu_debug (MU_DEBCAT_STREAM, MU_DEBUG_ERROR, + ("_tls_stream_pull: %s", mu_stream_strerror (stream, rc))); + return -1; + } return rdbytes; } 
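Review bot: In the first imap4d/io.c hunk (io_setio), all four `mu_stream_ioctl (…, MU_IOCTL_TIMEOUT, MU_IOCTL_OP_SET, &tv)` calls discard their return value, so if a stream rejects the request the handshake runs with no timeout and nothing is logged. The timeout is what bounds how long a peer that has not yet authenticated can hold the process inside `mu_tls_stream_create`, so a failure to set it should at least be reported, e.g. `if (mu_stream_ioctl (istream, MU_IOCTL_TIMEOUT, MU_IOCTL_OP_SET, &tv)) mu_error (_("cannot set handshake timeout"));`. The literal `10` would read better as a named constant or a configuration setting. The reset to zero also overwrites whatever timeout the streams had before instead of restoring it, and what a zero timeval means to these streams is not visible here. io_setio starts and ends outside the hunk.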
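Review bot: In libmu_auth/tls.c, `_tls_stream_pull` returns -1 to GnuTLS after logging, but nothing in the visible lines sets `errno`, which GnuTLS consults by default to tell a retryable EAGAIN/EINTR from a fatal pull error. With the new handshake timeout this matters, because a timed-out read that leaves a stale `errno` could be classified as retryable instead of ending the handshake. If nothing outside the hunk already handles this, add `errno = rc;` before `return -1;` with a short comment saying why. The same applies to `_tls_stream_push` in the next hunk, and both functions begin outside their hunks.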
@@ -105,8 +109,8 @@ _tls_stream_push (gnutls_transport_ptr_t fd, const void *buf, size_t size) rc = mu_stream_write (stream, buf, size, &size); if (rc) { - mu_error ("_tls_stream_push: %s", - mu_stream_strerror (stream, rc)); /* FIXME */ + mu_debug (MU_DEBCAT_STREAM, MU_DEBUG_ERROR, + ("_tls_stream_push: %s", mu_stream_strerror (stream, rc))); return -1; } diff --git a/libmu_auth/tlsiostr.c b/libmu_auth/tlsiostr.c index bf05ca740..4db65d3de 100644 --- a/libmu_auth/tlsiostr.c +++ b/libmu_auth/tlsiostr.c @@ -38,6 +38,7 @@ _tls_io_read (struct _mu_stream *stream, char *buf, size_t bufsize, { struct _mu_tls_io_stream *sp = (struct _mu_tls_io_stream *) stream; ssize_t rc; + mu_transport_t t[2]; if (sp->up->state != state_open) return EINVAL; @@ -49,6 +50,30 @@ _tls_io_read (struct _mu_stream *stream, char *buf, size_t bufsize, *pnread = rc; return 0; } + + switch (rc) + { + case GNUTLS_E_PUSH_ERROR: + if (mu_stream_ioctl (sp->up->transport[1], + MU_IOCTL_TRANSPORT, MU_IOCTL_OP_GET, + &t) == 0 && + mu_stream_err (t[1])) + rc = mu_stream_last_error (t[1]); + else + rc = MU_ERR_WRITE; + return rc; + + case GNUTLS_E_PULL_ERROR: + if (mu_stream_ioctl (sp->up->transport[0], + MU_IOCTL_TRANSPORT, MU_IOCTL_OP_GET, + &t) == 0 && + mu_stream_err (t[0])) + rc = mu_stream_last_error (t[0]); + else + rc = MU_ERR_READ; + return rc; + } + sp->up->tls_err = rc; return EIO; } |
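Review bot: In the second libmu_auth/tlsiostr.c hunk (`_tls_io_read`), the two `case` arms are copies that differ only in the index and the fallback code, and both pass `t[i]` to `mu_stream_err` without a NULL check; whether `MU_IOCTL_TRANSPORT` can succeed and leave an entry unset is not visible here. `&t` is a pointer to the whole array where plain `t` would do, and `t` is never initialised. A small static helper removes the duplication and gives one place for the NULL check and for a comment stating that the transport handle is assumed to be a stream; the `t[2]` local added in the first hunk then moves into it. `_tls_io_read` begins outside the hunk.

```c
/* Return the last error recorded on transport IDX underlying STR, or DFL
   if it cannot be obtained.  Assumes the transport handle returned by
   MU_IOCTL_TRANSPORT is itself a stream. */
static int
_tls_io_transport_error (mu_stream_t str, int idx, int dfl)
{
  mu_transport_t t[2] = { NULL, NULL };

  if (mu_stream_ioctl (str, MU_IOCTL_TRANSPORT, MU_IOCTL_OP_GET, t) == 0
      && t[idx]
      && mu_stream_err (t[idx]))
    return mu_stream_last_error (t[idx]);
  return dfl;
}

/* … unchanged: state check and the successful-read return in _tls_io_read … */

  switch (rc)
    {
    case GNUTLS_E_PUSH_ERROR:
      return _tls_io_transport_error (sp->up->transport[1], 1, MU_ERR_WRITE);

    case GNUTLS_E_PULL_ERROR:
      return _tls_io_transport_error (sp->up->transport[0], 0, MU_ERR_READ);
    }

  sp->up->tls_err = rc;
```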