git.ipfire.org Git - thirdparty/freeradius-server.git/commit

author	Vadim Cargatser <vcargats@cisco.com>
	Wed, 24 Mar 2021 15:22:25 +0000 (17:22 +0200)
committer	Alan T. DeKok <aland@freeradius.org>
	Thu, 1 Apr 2021 21:22:54 +0000 (17:22 -0400)
commit	8939e793b68bf9dc770fd7db6aeb851bedbaa515
tree	78a7e28aaf66334657140e072cb2b277f5a4a177	tree
parent	c8eef2f76c4a91e8806a7973aacba1b8b2ed3926	commit \| diff

Looks like there is bug in tls code w/ fr_nonblock

With that RADSEC is not working at all. The issue is in this commit:
https://github.com/FreeRADIUS/freeradius-server/commit/b6d7249be1958d0080187846d8bab1f0fae6b857

it pretends to revert erroneously deleted lines from another commit:
https://github.com/FreeRADIUS/freeradius-server/commit/f9c2f5a55d2df71979d99708f83d52336e44ad00

The thing is that it is not only reverting deleted lines, it also adds fr_nonblock(fd) call in tls_new_client_session.
Was that done by mistake? With that SSL_connect exits immediately while we are trying to send initial Access-Request
packet in proxy_tls_send. Of course at the this time the handshake is not yet finished and SSL_connect returns with an
error. SSL_connect will return success just on the following reads in proxy_tls_recv. But here we are in the recv
callback, handlshake is done... so what, we don't have any packet to send. I have deleted this fr_nonblock(fd) call
meanwhile.