authorSergey Poznyakoff <gray@gnu.org>2021-08-21 22:47:09 +0300
committerSergey Poznyakoff <gray@gnu.org>2021-08-21 22:47:09 +0300
commit97dc3a446cd782e8cc7bce9b2e11806f7f49e1a4 (patch)
tree7c95659488c0db68d44d78c0637fac2621591097
parent5ac3e04ec5ad33e1bbc6ac2334f5990ef12f2bd3 (diff)
imap4d: Set timeouts for I/O operations during handshake
* imap4d/io.c (io_setio): Set I/O timeout for pull functions during the handshake. * libmu_auth/tls.c: Fix debugging output. * libmu_auth/tlsiostr.c (_tls_io_read): Improve error diagnostics.
-rw-r--r--imap4d/io.c27
-rw-r--r--libmu_auth/tls.c10
-rw-r--r--libmu_auth/tlsiostr.c25
3 files changed, 54 insertions, 8 deletions
diff --git a/imap4d/io.c b/imap4d/io.c
index 83375540c..0eea6e7bb 100644
--- a/imap4d/io.c
+++ b/imap4d/io.c
@@ -70,15 +70,32 @@ io_setio (int ifd, int ofd, struct mu_tls_config *tls_conf)
/* Combine the two streams into an I/O one. */
if (tls_conf)
{
- int rc = mu_tls_stream_create (&str, istream, ostream,
- tls_conf,
- MU_TLS_SERVER,
- 0);
+ int rc;
+
+ /* Set timeouts for TLS handshake */
+ struct timeval tv;
+
+ tv.tv_sec = 10;
+ tv.tv_usec = 0;
+ mu_stream_ioctl (istream, MU_IOCTL_TIMEOUT, MU_IOCTL_OP_SET, &tv);
+ mu_stream_ioctl (ostream, MU_IOCTL_TIMEOUT, MU_IOCTL_OP_SET, &tv);
+
+ rc = mu_tls_stream_create (&str, istream, ostream,
+ tls_conf,
+ MU_TLS_SERVER,
+ 0);
if (rc)
{
mu_error (_("failed to create TLS stream: %s"), mu_strerror (rc));
imap4d_bye (ERR_STREAM_CREATE);
}
+
+ /* Reset timeouts */
+ tv.tv_sec = 0;
+ tv.tv_usec = 0;
+ mu_stream_ioctl (istream, MU_IOCTL_TIMEOUT, MU_IOCTL_OP_SET, &tv);
+ mu_stream_ioctl (ostream, MU_IOCTL_TIMEOUT, MU_IOCTL_OP_SET, &tv);
+
log_cipher (str);
}
else if (mu_iostream_create (&str, istream, ostream))
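Review bot: The four `mu_stream_ioctl` calls that set and clear the handshake timeout discard their return value, so if a stream rejects `MU_IOCTL_TIMEOUT` the handshake runs unbounded and nothing is logged; the protection against a client that stalls mid-handshake fails open. Check the result on the set path at least, e.g. `if (mu_stream_ioctl (istream, MU_IOCTL_TIMEOUT, MU_IOCTL_OP_SET, &tv)) mu_diag_output (MU_DIAG_WARNING, _("cannot set TLS handshake timeout"));`. The literal `10` would read better as a named constant or a configuration setting. The reset writes zero instead of restoring whatever was in effect before, which presumably means "no timeout" and would drop a timeout configured earlier on these streams; that is worth confirming. `io_setio` begins above the hunk and continues past it.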
@@ -638,7 +655,7 @@ check_input_err (int rc, size_t sz)
p = mu_strerror (rc);
mu_diag_output (MU_DIAG_INFO,
- _("error reading from input file: %s"), p);
+ _("error reading from input stream: %s"), p);
imap4d_bye (ERR_NO_IFILE);
}
}
diff --git a/libmu_auth/tls.c b/libmu_auth/tls.c
index 7db0982b6..1deb46128 100644
--- a/libmu_auth/tls.c
+++ b/libmu_auth/tls.c
@@ -92,7 +92,11 @@ _tls_stream_pull (gnutls_transport_ptr_t fd, void *buf, size_t size)
;
if (rc)
- return -1;
+ {
+ mu_debug (MU_DEBCAT_STREAM, MU_DEBUG_ERROR,
+ ("_tls_stream_pull: %s", mu_stream_strerror (stream, rc)));
+ return -1;
+ }
return rdbytes;
}
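Review bot: `_tls_stream_pull` returns -1 without setting `errno`, and the `mu_debug` call added just before the return may itself change it; the same applies to `_tls_stream_push` in the next hunk. GnuTLS consults errno after a failed pull or push callback to tell a retryable condition (EAGAIN, EINTR) from a hard error, so a stale value could make a timed-out handshake look retryable. This is inferred, since the session setup is not visible here. Consider pinning it after logging, e.g. `errno = EIO;` immediately before `return -1;`. The function starts above the hunk.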
@@ -105,8 +109,8 @@ _tls_stream_push (gnutls_transport_ptr_t fd, const void *buf, size_t size)
rc = mu_stream_write (stream, buf, size, &size);
if (rc)
{
- mu_error ("_tls_stream_push: %s",
- mu_stream_strerror (stream, rc)); /* FIXME */
+ mu_debug (MU_DEBCAT_STREAM, MU_DEBUG_ERROR,
+ ("_tls_stream_push: %s", mu_stream_strerror (stream, rc)));
return -1;
}
diff --git a/libmu_auth/tlsiostr.c b/libmu_auth/tlsiostr.c
index bf05ca740..4db65d3de 100644
--- a/libmu_auth/tlsiostr.c
+++ b/libmu_auth/tlsiostr.c
@@ -38,6 +38,7 @@ _tls_io_read (struct _mu_stream *stream, char *buf, size_t bufsize,
{
struct _mu_tls_io_stream *sp = (struct _mu_tls_io_stream *) stream;
ssize_t rc;
+ mu_transport_t t[2];
if (sp->up->state != state_open)
return EINVAL;
@@ -49,6 +50,30 @@ _tls_io_read (struct _mu_stream *stream, char *buf, size_t bufsize,
*pnread = rc;
return 0;
}
+
+ switch (rc)
+ {
+ case GNUTLS_E_PUSH_ERROR:
+ if (mu_stream_ioctl (sp->up->transport[1],
+ MU_IOCTL_TRANSPORT, MU_IOCTL_OP_GET,
+ &t) == 0 &&
+ mu_stream_err (t[1]))
+ rc = mu_stream_last_error (t[1]);
+ else
+ rc = MU_ERR_WRITE;
+ return rc;
+
+ case GNUTLS_E_PULL_ERROR:
+ if (mu_stream_ioctl (sp->up->transport[0],
+ MU_IOCTL_TRANSPORT, MU_IOCTL_OP_GET,
+ &t) == 0 &&
+ mu_stream_err (t[0]))
+ rc = mu_stream_last_error (t[0]);
+ else
+ rc = MU_ERR_READ;
+ return rc;
+ }
+
sp->up->tls_err = rc;
return EIO;
}
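Review bot: `t` is declared uninitialised in the previous hunk, and the new error mapping passes `t[1]` or `t[0]` to `mu_stream_err` as soon as the `MU_IOCTL_TRANSPORT` query returns 0, which assumes the underlying stream filled that slot with a valid stream handle. If a transport fills only one slot, or stores something other than a stream there, this path dereferences an invalid pointer exactly when the peer has provoked an I/O failure. Initialise the array, `mu_transport_t t[2] = { NULL, NULL };`, and test the slot before use, e.g. `&t) == 0 && t[1] && mu_stream_err (t[1])`. A short comment above the `switch` saying that GnuTLS push/pull errors are translated to the transport stream's own last error would also help. `_tls_io_read` starts above the hunk.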
