TLS: try to close sockets whenever there are no pending operations

This commit ensures that the underlying TCP socket of a TLS connection gets closed earlier whenever there are no pending operations on it. In the loop-manager branch, in some circumstances the connection could have remained opened for far too long for no reason. This commit ensures that will not happen.
2025-08-30 14:07:59 +00:00 · 2022-06-24 15:20:13 +03:00 · 2022-06-24 15:20:13 +03:00 · 88524e26ec
commit 88524e26ec
parent 237ce05b89
1 changed files with 22 additions and 0 deletions
--- a/lib/isc/netmgr/tlsstream.c
+++ b/lib/isc/netmgr/tlsstream.c
@ -353,6 +353,23 @@ tls_try_handshake(isc_nmsocket_t *sock) {
 	return (rv);
 }

+static bool
+tls_try_to_close_unused_socket(isc_nmsocket_t *sock) {
+	if (sock->tlsstream.state > TLS_HANDSHAKE &&
+	    sock->statichandle == NULL && sock->tlsstream.nsending == 0)
+	{
+		/*
+		 * It seems that no action on the socket has been
+		 * scheduled on some point after the handshake, let's
+		 * close the connection.
+		 */
+		isc__nmsocket_prep_destroy(sock);
+		return (true);
+	}
+
+	return (false);
+}
+
 static void
 tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
 	   isc__nm_uvreq_t *send_data, bool finish) {
@ -493,6 +510,7 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
 	switch (tls_status) {
 	case SSL_ERROR_NONE:
 	case SSL_ERROR_ZERO_RETURN:
+		(void)tls_try_to_close_unused_socket(sock);
 		return;
 	case SSL_ERROR_WANT_WRITE:
 		if (sock->tlsstream.nsending == 0) {
@ -504,6 +522,10 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
 		}
 		return;
 	case SSL_ERROR_WANT_READ:
+		if (tls_try_to_close_unused_socket(sock)) {
+			return;
+		}
+
 		if (sock->tlsstream.reading) {
 			INSIST(VALID_NMHANDLE(sock->outerhandle));
 			isc_nm_resumeread(sock->outerhandle);