NSS: Tell NSS that our SSL sockets are nonblocking.
authorNick Mathewson <nickm@torproject.org>
Fri, 10 Jul 2020 17:14:33 +0000 (13:14 -0400)
committerNick Mathewson <nickm@torproject.org>
Fri, 10 Jul 2020 17:14:33 +0000 (13:14 -0400)
Closes ticket 40035.

changes/ticket40035 [new file with mode: 0644]
src/lib/tls/tortls_nss.c

diff --git a/changes/ticket40035 b/changes/ticket40035
new file mode 100644 (file)
index 0000000..8cdd447
--- /dev/null
@@ -0,0 +1,5 @@
+  o Major bugfixes (NSS):
+    - When running with NSS enabled, make sure that NSS knows to expect
+      nonblocking sockets. Previously, we set our TCP sockets as blocking,
+      but did not tell NSS about the fact, which in turn could lead to
+      unexpected blocking behavior. Fixes bug 40035; bugfix on 0.3.5.1-alpha.
index 1436442e1c254b5f8cc15fa1dbf837dd39d0290d..6f6c47674eea47cd8d9a5a521bbe6fb2798512f7 100644 (file)
@@ -418,6 +418,16 @@ tor_tls_new(tor_socket_t sock, int is_server)
     return NULL;
   }
 
+  /* even if though the socket is already nonblocking, we need to tell NSS
+   * about the fact, so that it knows what to do when it says EAGAIN. */
+  PRSocketOptionData data;
+  data.option = PR_SockOpt_Nonblocking;
+  data.value.non_blocking = 1;
+  if (PR_SetSocketOption(ssl, &data) != PR_SUCCESS) {
+    PR_Close(ssl);
+    return NULL;
+  }
+
   tor_tls_t *tls = tor_malloc_zero(sizeof(tor_tls_t));
   tls->magic = TOR_TLS_MAGIC;
   tls->context = ctx;
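Review bot: The new `PR_SetSocketOption` failure branch closes `ssl` and returns NULL without recording a reason, so a failure to put NSS into nonblocking mode would only show up as TLS connections that never get created. A warning before `PR_Close(ssl);`, for example `log_warn(LD_NET, "Couldn't tell NSS that the socket is nonblocking");` (assuming the file's usual logging macros are in scope), would make that diagnosable. The comment above the block has a typo ("even if though") and could name the consequence the changelog describes, e.g. `/* Even though the socket is already nonblocking, we must tell NSS so, or it may block instead of reporting EAGAIN. */`. Since `non_blocking` is a `PRBool`, `PR_TRUE` would read better than `1`. tor_tls_new starts and ends outside the hunk, so whether anything besides `ssl` needs releasing on this path cannot be checked from here.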