Looks like there is bug in tls code w/ fr_nonblock

With that RADSEC is not working at all. The issue is in this commit:
https://github.com/FreeRADIUS/freeradius-server/commit/b6d7249be1958d0080187846d8bab1f0fae6b857

it pretends to revert erroneously deleted lines from another commit:
https://github.com/FreeRADIUS/freeradius-server/commit/f9c2f5a55d2df71979d99708f83d52336e44ad00

The thing is that it is not only reverting deleted lines, it also adds fr_nonblock(fd) call in tls_new_client_session.
Was that done by mistake? With that SSL_connect exits immediately while we are trying to send initial Access-Request
packet in proxy_tls_send. Of course at the this time the handshake is not yet finished and SSL_connect returns with an
error.  SSL_connect will return success just on the following reads in proxy_tls_recv. But here we are in the recv
callback, handlshake is done... so what, we don't have any packet to send. I have deleted this fr_nonblock(fd) call
meanwhile.

diff --git a/src/main/tls.c b/src/main/tls.c
index 377deca08fb319699a7bf792fc00a08a5c02cf96..7d73ab13a304cabda8122adbed3bea46fc751ceb 100644 (file)
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -539,7 +539,6 @@ tls_session_t *tls_new_client_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *con
        SSL_set_ex_data(ssn->ssl, FR_TLS_EX_INDEX_SSN, (void *)ssn);
        if (certs) SSL_set_ex_data(ssn->ssl, fr_tls_ex_index_certs, (void *)certs);
 
-       fr_nonblock(fd);
        SSL_set_fd(ssn->ssl, fd);
 
        ret = SSL_connect(ssn->ssl);