TLS: try to close sockets whenever there are no pending operations

This commit ensures that the underlying TCP socket of a TLS connection
gets closed earlier whenever there are no pending operations on it.

In the loop-manager branch, in some circumstances the connection
could have remained opened for far too long for no reason. This
commit ensures that will not happen.

diff --git a/lib/isc/netmgr/tlsstream.c b/lib/isc/netmgr/tlsstream.c
index 867267ea111110ea5cd0281ddd892b9a503669ba..69b867964b5c94281e8c380a1c61c684aa2e2e48 100644 (file)
--- a/lib/isc/netmgr/tlsstream.c
+++ b/lib/isc/netmgr/tlsstream.c
@@ -353,6 +353,23 @@ tls_try_handshake(isc_nmsocket_t *sock) {
        return (rv);
 }
 
+static bool
+tls_try_to_close_unused_socket(isc_nmsocket_t *sock) {
+       if (sock->tlsstream.state > TLS_HANDSHAKE &&
+           sock->statichandle == NULL && sock->tlsstream.nsending == 0)
+       {
+               /*
+                * It seems that no action on the socket has been
+                * scheduled on some point after the handshake, let's
+                * close the connection.
+                */
+               isc__nmsocket_prep_destroy(sock);
+               return (true);
+       }
+
+       return (false);
+}
+
 static void
 tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
           isc__nm_uvreq_t *send_data, bool finish) {
@@ -493,6 +510,7 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
        switch (tls_status) {
        case SSL_ERROR_NONE:
        case SSL_ERROR_ZERO_RETURN:
+               (void)tls_try_to_close_unused_socket(sock);
                return;
        case SSL_ERROR_WANT_WRITE:
                if (sock->tlsstream.nsending == 0) {
@@ -504,6 +522,10 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
                }
                return;
        case SSL_ERROR_WANT_READ:
+               if (tls_try_to_close_unused_socket(sock)) {
+                       return;
+               }
+
                if (sock->tlsstream.reading) {
                        INSIST(VALID_NMHANDLE(sock->outerhandle));
                        isc_nm_resumeread(sock->outerhandle);