From 88524e26ecae286bf62d4a4b5535c70ccff1573d Mon Sep 17 00:00:00 2001
From: Artem Boldariev
Date: Fri, 24 Jun 2022 15:20:13 +0300
Subject: [PATCH] TLS: try to close sockets whenever there are no pending operations

This commit ensures that the underlying TCP socket of a TLS connection gets closed earlier whenever there are no pending operations on it. In the loop-manager branch, in some circumstances the connection could have remained opened for far too long for no reason. This commit ensures that will not happen.
---
 lib/isc/netmgr/tlsstream.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/lib/isc/netmgr/tlsstream.c b/lib/isc/netmgr/tlsstream.c
index 867267ea11..69b867964b 100644
--- a/lib/isc/netmgr/tlsstream.c
+++ b/lib/isc/netmgr/tlsstream.c
@@ -353,6 +353,23 @@ tls_try_handshake(isc_nmsocket_t *sock) {
 return (rv);
 }
 
+static bool
+tls_try_to_close_unused_socket(isc_nmsocket_t *sock) {
+ if (sock->tlsstream.state > TLS_HANDSHAKE &&
+ sock->statichandle == NULL && sock->tlsstream.nsending == 0)
+ {
+ /*
+ * It seems that no action on the socket has been
+ * scheduled on some point after the handshake, let's
+ * close the connection.
+ */
+ isc__nmsocket_prep_destroy(sock);
+ return (true);
+ }
+
+ return (false);
+}
+
 static void
 tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
 isc__nm_uvreq_t *send_data, bool finish) {
@@ -493,6 +510,7 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
 switch (tls_status) {
 case SSL_ERROR_NONE:
 case SSL_ERROR_ZERO_RETURN:
+ (void)tls_try_to_close_unused_socket(sock);
 return;
 case SSL_ERROR_WANT_WRITE:
 if (sock->tlsstream.nsending == 0) {
@@ -504,6 +522,10 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
 }
 return;
 case SSL_ERROR_WANT_READ:
+ if (tls_try_to_close_unused_socket(sock)) {
+ return;
+ }
+
+ if (sock->tlsstream.reading) {
 INSIST(VALID_NMHANDLE(sock->outerhandle));
 isc_nm_resumeread(sock->outerhandle);
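Review bot: The guard `sock->tlsstream.state > TLS_HANDSHAKE` in `tls_try_to_close_unused_socket()` relies on the declaration order of the TLS state enum, which is not visible in this hunk. If any state ordered after the handshake state already means the socket is failing or closing, the helper would call `isc__nmsocket_prep_destroy(sock)` again on a socket that is already being torn down. Whether a repeated call is harmless cannot be confirmed from here. I would either compare against the intended state(s) explicitly or add a comment above the condition such as `/* every state ordered after TLS_HANDSHAKE is safe to close from; keep the enum order in sync */`. The new function also has no header comment; one line saying that a `true` return means the socket was handed to `isc__nmsocket_prep_destroy()` would document the contract.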
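Review bot: Nothing at the two new call sites in `tls_do_bio()` (the `SSL_ERROR_NONE`/`SSL_ERROR_ZERO_RETURN` arm and the `SSL_ERROR_WANT_READ` arm) records that `sock` may no longer be usable once the helper returns true. Both arms return before touching `sock` again, which is the right ordering locally, but `tls_do_bio()` returns void, so its callers get no signal that the socket was prepared for destruction. If a caller reads `sock` fields after `tls_do_bio()` returns without holding its own reference, that would be a use after teardown. The callers and the reference rules of `isc__nmsocket_prep_destroy()` are outside these hunks, so this needs confirming. I would add `/* sock may have been prepared for destruction; do not touch it past this point */` at both call sites. `tls_do_bio()` starts and ends outside the hunks.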