From: Artem Boldariev Date: Tue, 13 Apr 2021 15:45:10 +0000 (+0300) Subject: TLS: try to close TCP socket descriptor earlier when possible X-Git-Tag: v9.17.13~61^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=513cdb52ecd4e63566672217f7390574f68c4d2d;p=thirdparty%2Fbind9.git TLS: try to close TCP socket descriptor earlier when possible Before this fix underlying TCP sockets could remain opened for longer than it is actually required, causing unit tests to fail with lots of ISC_R_TOOMANYOPENFILES errors. The change also enables graceful SSL shutdown (before that it would happen only in the case when isc_nm_cancelread() were called). --- diff --git a/lib/isc/netmgr/tlsstream.c b/lib/isc/netmgr/tlsstream.c index 27a6bfcadb7..a682ba00f23 100644 --- a/lib/isc/netmgr/tlsstream.c +++ b/lib/isc/netmgr/tlsstream.c @@ -406,8 +406,22 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data, region = (isc_region_t){ .base = &recv_buf[0], .length = len }; + INSIST(VALID_NMHANDLE(sock->statichandle)); sock->recv_cb(sock->statichandle, ISC_R_SUCCESS, ®ion, sock->recv_cbarg); + /* The handle could have been detached in + * sock->recv_cb, making the sock->statichandle + * nullified (it happens in netmgr.c). If it is + * the case, then it means that we are not + * interested in keeping the connection alive + * anymore. Let's shutdown the SSL session, send + * what we have in the SSL buffers, and close + * the connection. + */ + if (sock->statichandle == NULL) { + finish = true; + break; + } } } }