iodine 0.7.39 → 0.7.40

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ad7a8dc81e2698056037086bfd6dd2f24ee975229a928092ac039ae9c44cb0d7
4
- data.tar.gz: 84ff62b2c79efe4b0f5f1d796e27e6513bc8a29414fbd771404c814567d1138c
3
+ metadata.gz: 9e0b09518eec222b16c1740793a825c123672f3f027c7182c7fc021c9894136d
4
+ data.tar.gz: 0cf02ed5b0a11526dadf984f7d58accc434c896aa011ed3f3319f418df80c73b
5
5
  SHA512:
6
- metadata.gz: bc69044b0cac72fda7be13ffb6e039007282f07e6b2607ea23e0a97733250d1b883d5e9cee171c67095e4eebd623f04f4d9d08ee2067f5a42a923b6785e3b824
7
- data.tar.gz: b182b80a365fabaa0b97ce312f4bd2033ed28ba5a07759674cd305486f7a43ae64704da76449a84379be1a844ffe2df9396a863f4e8df5a9883d796be9fc3a91
6
+ metadata.gz: 6bbcc4ffb71aaed9efef0549b91b4da786672b000ec3b14e87106ad65421a28fe36b415ef0a0f02b9da1620c7ef057abba50e93e88bea37bc82c26a2728fd793
7
+ data.tar.gz: bfcd03eda1096833ab4315935f435f9891349830db493a74d570c7830505a4e43d5b6c6f0d143273ddb83a076174183888b4f8173dc421c23e12a645edf2006b
@@ -6,6 +6,10 @@ Please notice that this change log contains changes for upcoming releases as wel
6
6
 
7
7
  ## Changes:
8
8
 
9
+ #### Change log v.0.7.40 (2020-05-23)
10
+
11
+ **Fix**: fixed TLS logging and performance issues exposed by Franck Gille (@fgi) in issue #93.
12
+
9
13
  #### Change log v.0.7.39 (2020-05-18)
10
14
 
11
15
  **Security**: a request smuggling attack vector and Transfer Encoding attack vector in the HTTP/1.1 parser were exposed by Sam Sanoop from [the Snyk Security team (snyk.io)](https://snyk.io). The parser was updated to deal with these potential issues.
@@ -277,26 +277,6 @@ static inline fio_packet_s *fio_packet_alloc(void) {
277
277
  Core Connection Data Clearing
278
278
  ***************************************************************************** */
279
279
 
280
- /* set the minimal max_protocol_fd */
281
- static void fio_max_fd_min(uint32_t fd) {
282
- if (fio_data->max_protocol_fd > fd)
283
- return;
284
- fio_lock(&fio_data->lock);
285
- if (fio_data->max_protocol_fd < fd)
286
- fio_data->max_protocol_fd = fd;
287
- fio_unlock(&fio_data->lock);
288
- }
289
-
290
- /* set the minimal max_protocol_fd */
291
- static void fio_max_fd_shrink(void) {
292
- fio_lock(&fio_data->lock);
293
- uint32_t fd = fio_data->max_protocol_fd;
294
- while (fd && fd_data(fd).protocol == NULL)
295
- --fd;
296
- fio_data->max_protocol_fd = fd;
297
- fio_unlock(&fio_data->lock);
298
- }
299
-
300
280
  /* resets connection data, marking it as either open or closed. */
301
281
  static inline int fio_clear_fd(intptr_t fd, uint8_t is_open) {
302
282
  fio_packet_s *packet;
@@ -318,6 +298,13 @@ static inline int fio_clear_fd(intptr_t fd, uint8_t is_open) {
318
298
  .counter = fd_data(fd).counter + 1,
319
299
  .packet_last = &fd_data(fd).packet,
320
300
  };
301
+ if (fio_data->max_protocol_fd < fd) {
302
+ fio_data->max_protocol_fd = fd;
303
+ } else {
304
+ while (fio_data->max_protocol_fd &&
305
+ !fd_data(fio_data->max_protocol_fd).open)
306
+ --fio_data->max_protocol_fd;
307
+ }
321
308
  fio_unlock(&(fd_data(fd).sock_lock));
322
309
  if (rw_hooks && rw_hooks->cleanup)
323
310
  rw_hooks->cleanup(rw_udata);
@@ -336,8 +323,8 @@ static inline int fio_clear_fd(intptr_t fd, uint8_t is_open) {
336
323
  if (protocol && protocol->on_close) {
337
324
  fio_defer(deferred_on_close, (void *)fd2uuid(fd), protocol);
338
325
  }
339
- if (is_open)
340
- fio_max_fd_min(fd);
326
+ FIO_LOG_DEBUG("FD %d re-initialized (state: %p-%s).", (int)fd,
327
+ (void *)fd2uuid(fd), (is_open ? "open" : "closed"));
341
328
  return 0;
342
329
  }
343
330
 
@@ -2887,7 +2874,7 @@ void fio_close(intptr_t uuid) {
2887
2874
  }
2888
2875
  if (uuid_data(uuid).packet || uuid_data(uuid).sock_lock) {
2889
2876
  uuid_data(uuid).close = 1;
2890
- fio_poll_add_write(fio_uuid2fd(uuid));
2877
+ fio_force_event(uuid, FIO_EVENT_ON_READY);
2891
2878
  return;
2892
2879
  }
2893
2880
  fio_force_close(uuid);
@@ -3019,6 +3006,7 @@ test_errno:
3019
3006
  case ENOSPC: /* fallthrough */
3020
3007
  case EADDRNOTAVAIL: /* fallthrough */
3021
3008
  case EINTR:
3009
+ case 0:
3022
3010
  return 1;
3023
3011
  case EFAULT:
3024
3012
  FIO_LOG_ERROR("fio_flush EFAULT - possible memory address error sent to "
@@ -3032,8 +3020,8 @@ test_errno:
3032
3020
  fio_force_close(uuid);
3033
3021
  return -1;
3034
3022
  }
3035
- fprintf(stderr, "UUID error: %p (%d)\n", (void *)uuid, errno);
3036
- perror("No errno handler");
3023
+ FIO_LOG_DEBUG("UUID error: %p (%d): %s\n", (void *)uuid, errno,
3024
+ strerror(errno));
3037
3025
  return 0;
3038
3026
 
3039
3027
  invalid:
@@ -3099,6 +3087,19 @@ const fio_rw_hook_s FIO_DEFAULT_RW_HOOKS = {
3099
3087
  .cleanup = fio_hooks_default_cleanup,
3100
3088
  };
3101
3089
 
3090
+ static inline void fio_rw_hook_validate(fio_rw_hook_s *rw_hooks) {
3091
+ if (!rw_hooks->read)
3092
+ rw_hooks->read = fio_hooks_default_read;
3093
+ if (!rw_hooks->write)
3094
+ rw_hooks->write = fio_hooks_default_write;
3095
+ if (!rw_hooks->flush)
3096
+ rw_hooks->flush = fio_hooks_default_flush;
3097
+ if (!rw_hooks->before_close)
3098
+ rw_hooks->before_close = fio_hooks_default_before_close;
3099
+ if (!rw_hooks->cleanup)
3100
+ rw_hooks->cleanup = fio_hooks_default_cleanup;
3101
+ }
3102
+
3102
3103
  /**
3103
3104
  * Replaces an existing read/write hook with another from within a read/write
3104
3105
  * hook callback.
@@ -3112,19 +3113,10 @@ int fio_rw_hook_replace_unsafe(intptr_t uuid, fio_rw_hook_s *rw_hooks,
3112
3113
  int replaced = -1;
3113
3114
  uint8_t was_locked;
3114
3115
  intptr_t fd = fio_uuid2fd(uuid);
3115
- if (!rw_hooks->read)
3116
- rw_hooks->read = fio_hooks_default_read;
3117
- if (!rw_hooks->write)
3118
- rw_hooks->write = fio_hooks_default_write;
3119
- if (!rw_hooks->flush)
3120
- rw_hooks->flush = fio_hooks_default_flush;
3121
- if (!rw_hooks->before_close)
3122
- rw_hooks->before_close = fio_hooks_default_before_close;
3123
- if (!rw_hooks->cleanup)
3124
- rw_hooks->cleanup = fio_hooks_default_cleanup;
3116
+ fio_rw_hook_validate(rw_hooks);
3125
3117
  /* protect against some fulishness... but not all of it. */
3126
3118
  was_locked = fio_trylock(&fd_data(fd).sock_lock);
3127
- if (fd2uuid(fd) == uuid) {
3119
+ if (uuid_is_valid(uuid)) {
3128
3120
  fd_data(fd).rw_hooks = rw_hooks;
3129
3121
  fd_data(fd).rw_udata = udata;
3130
3122
  replaced = 0;
@@ -3138,16 +3130,7 @@ int fio_rw_hook_replace_unsafe(intptr_t uuid, fio_rw_hook_s *rw_hooks,
3138
3130
  int fio_rw_hook_set(intptr_t uuid, fio_rw_hook_s *rw_hooks, void *udata) {
3139
3131
  if (fio_is_closed(uuid))
3140
3132
  goto invalid_uuid;
3141
- if (!rw_hooks->read)
3142
- rw_hooks->read = fio_hooks_default_read;
3143
- if (!rw_hooks->write)
3144
- rw_hooks->write = fio_hooks_default_write;
3145
- if (!rw_hooks->flush)
3146
- rw_hooks->flush = fio_hooks_default_flush;
3147
- if (!rw_hooks->before_close)
3148
- rw_hooks->before_close = fio_hooks_default_before_close;
3149
- if (!rw_hooks->cleanup)
3150
- rw_hooks->cleanup = fio_hooks_default_cleanup;
3133
+ fio_rw_hook_validate(rw_hooks);
3151
3134
  intptr_t fd = fio_uuid2fd(uuid);
3152
3135
  fio_rw_hook_s *old_rw_hooks;
3153
3136
  void *old_udata;
@@ -3249,7 +3232,6 @@ static int fio_attach__internal(void *uuid_, void *protocol_) {
3249
3232
  /* adding a new uuid to the reactor */
3250
3233
  fio_poll_add(fio_uuid2fd(uuid));
3251
3234
  }
3252
- fio_max_fd_min(fio_uuid2fd(uuid));
3253
3235
  return 0;
3254
3236
 
3255
3237
  invalid_uuid:
@@ -3521,7 +3503,6 @@ static void fio_on_fork(void) {
3521
3503
  }
3522
3504
 
3523
3505
  fio_pubsub_on_fork();
3524
- fio_max_fd_shrink();
3525
3506
  uint16_t old_active = fio_data->active;
3526
3507
  fio_data->active = 0;
3527
3508
  fio_defer_perform();
@@ -3681,24 +3662,29 @@ static void fio_review_timeout(void *arg, void *ignr) {
3681
3662
  uint16_t timeout = fd_data(fd).timeout;
3682
3663
  if (!timeout)
3683
3664
  timeout = 300; /* enforced timout settings */
3684
- if (!fd_data(fd).protocol || (fd_data(fd).active + timeout >= review))
3665
+ if (!fd_data(fd).open || fd_data(fd).active + timeout >= review)
3685
3666
  goto finish;
3686
- tmp = protocol_try_lock(fd, FIO_PR_LOCK_STATE);
3687
- if (!tmp) {
3688
- if (errno == EBADF)
3689
- goto finish;
3690
- goto reschedule;
3667
+ if (fd_data(fd).protocol) {
3668
+ tmp = protocol_try_lock(fd, FIO_PR_LOCK_STATE);
3669
+ if (!tmp) {
3670
+ if (errno == EBADF)
3671
+ goto finish;
3672
+ goto reschedule;
3673
+ }
3674
+ if (prt_meta(tmp).locks[FIO_PR_LOCK_TASK] ||
3675
+ prt_meta(tmp).locks[FIO_PR_LOCK_WRITE])
3676
+ goto unlock;
3677
+ fio_defer_push_task(deferred_ping, (void *)fio_fd2uuid((int)fd), NULL);
3678
+ unlock:
3679
+ protocol_unlock(tmp, FIO_PR_LOCK_STATE);
3680
+ } else {
3681
+ /* open FD but no protocol? */
3682
+ fio_close(fd2uuid(fd));
3691
3683
  }
3692
- if (prt_meta(tmp).locks[FIO_PR_LOCK_TASK] ||
3693
- prt_meta(tmp).locks[FIO_PR_LOCK_WRITE])
3694
- goto unlock;
3695
- fio_defer_push_task(deferred_ping, (void *)fio_fd2uuid((int)fd), NULL);
3696
- unlock:
3697
- protocol_unlock(tmp, FIO_PR_LOCK_STATE);
3698
3684
  finish:
3699
3685
  do {
3700
3686
  fd++;
3701
- } while (!fd_data(fd).protocol && (fd <= fio_data->max_protocol_fd));
3687
+ } while (!fd_data(fd).open && (fd <= fio_data->max_protocol_fd));
3702
3688
 
3703
3689
  if (fio_data->max_protocol_fd < fd) {
3704
3690
  fio_data->need_review = 1;
@@ -3714,7 +3700,6 @@ static void fio_cycle_schedule_events(void) {
3714
3700
  static time_t last_to_review = 0;
3715
3701
  fio_mark_time();
3716
3702
  fio_timer_schedule();
3717
- fio_max_fd_shrink();
3718
3703
  if (fio_signal_children_flag) {
3719
3704
  /* hot restart support */
3720
3705
  fio_signal_children_flag = 0;
@@ -33,6 +33,11 @@ Feel free to copy, use and enjoy according to the license provided.
33
33
  FIO_LOG_FATAL("No supported SSL/TLS library available."); \
34
34
  exit(-1);
35
35
  #endif
36
+
37
+ #ifndef FIO_TLS_TIMEOUT
38
+ #define FIO_TLS_TIMEOUT 4
39
+ #endif
40
+
36
41
  /* STOP deleting after this line */
37
42
 
38
43
  /* *****************************************************************************
@@ -590,6 +595,7 @@ file_missing:
590
595
  */
591
596
  void FIO_TLS_WEAK fio_tls_accept(intptr_t uuid, fio_tls_s *tls, void *udata) {
592
597
  REQUIRE_LIBRARY();
598
+ fio_timeout_set(uuid, FIO_TLS_TIMEOUT);
593
599
  fio_tls_attach2uuid(uuid, tls, udata, 1);
594
600
  }
595
601
 
@@ -29,6 +29,10 @@ The SSL/TLS helper data types (can be left as is)
29
29
  #define FIO_FORCE_MALLOC_TMP 1
30
30
  #include <fio.h>
31
31
 
32
+ #ifndef FIO_TLS_TIMEOUT
33
+ #define FIO_TLS_TIMEOUT 4
34
+ #endif
35
+
32
36
  typedef struct {
33
37
  fio_str_s private_key;
34
38
  fio_str_s public_key;
@@ -190,8 +194,12 @@ typedef struct {
190
194
 
191
195
  FIO_FUNC inline void alpn_select___task(void *t_, void *ignr_) {
192
196
  alpn_task_s *t = t_;
193
- t->alpn.on_selected((fio_is_valid(t->uuid) ? t->uuid : -1),
194
- t->udata_connection, t->alpn.udata_tls);
197
+ if (fio_is_valid(t->uuid)) {
198
+ fio_timeout_set(t->uuid, 0); // remove TLS timeout
199
+ t->alpn.on_selected(t->uuid, t->udata_connection, t->alpn.udata_tls);
200
+ } else {
201
+ t->alpn.on_selected(-1, t->udata_connection, t->alpn.udata_tls);
202
+ }
195
203
  fio_free(t);
196
204
  (void)ignr_;
197
205
  }
@@ -537,19 +545,21 @@ static ssize_t fio_tls_read(intptr_t uuid, void *udata, void *buf,
537
545
  case SSL_ERROR_SSL: /* overflow */
538
546
  case SSL_ERROR_ZERO_RETURN:
539
547
  return 0; /* EOF */
548
+ case SSL_ERROR_SYSCALL: /* allow errno to inform us */
549
+ break; /* return -1 */
540
550
  case SSL_ERROR_NONE: /* overflow */
541
551
  case SSL_ERROR_WANT_CONNECT: /* overflow */
542
552
  case SSL_ERROR_WANT_ACCEPT: /* overflow */
543
553
  case SSL_ERROR_WANT_X509_LOOKUP: /* overflow */
554
+ case SSL_ERROR_WANT_WRITE: /* overflow */
555
+ case SSL_ERROR_WANT_READ: /* overflow */
544
556
  #ifdef SSL_ERROR_WANT_ASYNC
545
557
  case SSL_ERROR_WANT_ASYNC: /* overflow */
546
558
  #endif
547
- case SSL_ERROR_WANT_WRITE: /* overflow */
548
- case SSL_ERROR_WANT_READ:
549
559
  default:
560
+ errno = EWOULDBLOCK;
550
561
  break;
551
562
  }
552
- errno = EWOULDBLOCK;
553
563
  return -1;
554
564
  (void)uuid;
555
565
  }
@@ -591,19 +601,21 @@ static ssize_t fio_tls_write(intptr_t uuid, void *udata, const void *buf,
591
601
  case SSL_ERROR_SSL: /* overflow */
592
602
  case SSL_ERROR_ZERO_RETURN:
593
603
  return 0; /* EOF */
604
+ case SSL_ERROR_SYSCALL: /* allow errno to inform us */
605
+ break; /* return -1 */
594
606
  case SSL_ERROR_NONE: /* overflow */
595
607
  case SSL_ERROR_WANT_CONNECT: /* overflow */
596
608
  case SSL_ERROR_WANT_ACCEPT: /* overflow */
597
609
  case SSL_ERROR_WANT_X509_LOOKUP: /* overflow */
610
+ case SSL_ERROR_WANT_WRITE: /* overflow */
611
+ case SSL_ERROR_WANT_READ: /* overflow */
598
612
  #ifdef SSL_ERROR_WANT_ASYNC
599
613
  case SSL_ERROR_WANT_ASYNC: /* overflow */
600
614
  #endif
601
- case SSL_ERROR_WANT_WRITE: /* overflow */
602
- case SSL_ERROR_WANT_READ:
603
615
  default:
616
+ errno = EWOULDBLOCK;
604
617
  break;
605
618
  }
606
- errno = EWOULDBLOCK;
607
619
  return -1;
608
620
  (void)uuid;
609
621
  }
@@ -640,13 +652,20 @@ static void fio_tls_cleanup(void *udata) {
640
652
  static fio_rw_hook_s FIO_TLS_HOOKS = {
641
653
  .read = fio_tls_read,
642
654
  .write = fio_tls_write,
643
- .before_close = fio_tls_before_close,
644
655
  .flush = fio_tls_flush,
656
+ .before_close = fio_tls_before_close,
645
657
  .cleanup = fio_tls_cleanup,
646
658
  };
647
659
 
660
+ #define FIO_TLS_HANDSHAKE_ERROR 0
661
+ #define FIO_TLS_HANDSHAKE_OK 1
662
+ #define FIO_TLS_HANDSHAKE_NEED_READ 2
663
+ #define FIO_TLS_HANDSHAKE_NEED_WRITE 4
664
+
648
665
  static size_t fio_tls_handshake(intptr_t uuid, void *udata) {
666
+ size_t status = FIO_TLS_HANDSHAKE_ERROR;
649
667
  fio_tls_connection_s *c = udata;
668
+
650
669
  int ri;
651
670
  if (c->is_server) {
652
671
  ri = SSL_accept(c->ssl);
@@ -659,26 +678,29 @@ static size_t fio_tls_handshake(intptr_t uuid, void *udata) {
659
678
  case SSL_ERROR_NONE:
660
679
  // FIO_LOG_DEBUG("SSL_accept/SSL_connect %p state: SSL_ERROR_NONE",
661
680
  // (void *)uuid);
662
- return 0;
681
+ status = FIO_TLS_HANDSHAKE_NEED_READ | FIO_TLS_HANDSHAKE_NEED_WRITE;
682
+ return status;
663
683
  case SSL_ERROR_WANT_WRITE:
664
684
  // FIO_LOG_DEBUG("SSL_accept/SSL_connect %p state: SSL_ERROR_WANT_WRITE",
665
685
  // (void *)uuid);
666
- // fio_force_event(uuid, FIO_EVENT_ON_READY);
667
- return 0;
686
+ status = FIO_TLS_HANDSHAKE_NEED_WRITE;
687
+ return status;
668
688
  case SSL_ERROR_WANT_READ:
669
689
  // FIO_LOG_DEBUG("SSL_accept/SSL_connect %p state: SSL_ERROR_WANT_READ",
670
690
  // (void *)uuid);
671
- // fio_force_event(uuid, FIO_EVENT_ON_DATA);
672
- return 0;
691
+ status = FIO_TLS_HANDSHAKE_NEED_READ;
692
+ return status;
673
693
  case SSL_ERROR_SYSCALL:
674
- FIO_LOG_DEBUG(
675
- "SSL_accept/SSL_connect %p error: SSL_ERROR_SYSCALL, errno: %s",
676
- (void *)uuid, strerror(errno));
677
- // fio_force_event(uuid, FIO_EVENT_ON_DATA);
678
- return 0;
694
+ if (errno) {
695
+ FIO_LOG_DEBUG(
696
+ "SSL_accept/SSL_connect %p error: SSL_ERROR_SYSCALL, errno: %s",
697
+ (void *)uuid, strerror(errno));
698
+ }
699
+ break;
679
700
  case SSL_ERROR_SSL:
680
- FIO_LOG_DEBUG("SSL_accept/SSL_connect %p error: SSL_ERROR_SSL",
681
- (void *)uuid);
701
+ FIO_LOG_DEBUG(
702
+ "SSL_accept/SSL_connect %p error: SSL_ERROR_SSL (non SSL attempt?)",
703
+ (void *)uuid);
682
704
  break;
683
705
  case SSL_ERROR_ZERO_RETURN:
684
706
  FIO_LOG_DEBUG("SSL_accept/SSL_connect %p error: SSL_ERROR_ZERO_RETURN",
@@ -715,8 +737,9 @@ static size_t fio_tls_handshake(intptr_t uuid, void *udata) {
715
737
  (void *)uuid, ri);
716
738
  break;
717
739
  }
740
+ fio_rw_hook_replace_unsafe(uuid, &FIO_TLS_HOOKS, udata);
718
741
  fio_defer(fio_tls_delayed_close, (void *)uuid, NULL);
719
- return 0;
742
+ return status;
720
743
  }
721
744
  if (!c->alpn_ok) {
722
745
  c->alpn_ok = 1;
@@ -745,7 +768,7 @@ static size_t fio_tls_handshake(intptr_t uuid, void *udata) {
745
768
  } else {
746
769
  FIO_LOG_DEBUG("Something went wrong during TLS handshake for %p",
747
770
  (void *)uuid);
748
- return 0;
771
+ return status;
749
772
  }
750
773
  /* make sure the connection is re-added to the reactor */
751
774
  fio_force_event(uuid, FIO_EVENT_ON_DATA);
@@ -768,14 +791,18 @@ static size_t fio_tls_handshake(intptr_t uuid, void *udata) {
768
791
  buff2);
769
792
  }
770
793
  #endif
771
- return 1;
794
+ status = FIO_TLS_HANDSHAKE_OK;
795
+ return status;
772
796
  }
773
797
 
774
798
  static ssize_t fio_tls_read4handshake(intptr_t uuid, void *udata, void *buf,
775
799
  size_t count) {
776
800
  // FIO_LOG_DEBUG("TLS handshake from read %p", (void *)uuid);
777
- if (fio_tls_handshake(uuid, udata))
801
+ size_t s = fio_tls_handshake(uuid, udata);
802
+ if (s == FIO_TLS_HANDSHAKE_OK)
778
803
  return fio_tls_read(uuid, udata, buf, count);
804
+ if (!s)
805
+ return 0;
779
806
  errno = EWOULDBLOCK;
780
807
  return -1;
781
808
  }
@@ -783,20 +810,27 @@ static ssize_t fio_tls_read4handshake(intptr_t uuid, void *udata, void *buf,
783
810
  static ssize_t fio_tls_write4handshake(intptr_t uuid, void *udata,
784
811
  const void *buf, size_t count) {
785
812
  // FIO_LOG_DEBUG("TLS handshake from write %p", (void *)uuid);
786
- if (fio_tls_handshake(uuid, udata))
813
+ size_t s = fio_tls_handshake(uuid, udata);
814
+ if (s == FIO_TLS_HANDSHAKE_OK)
787
815
  return fio_tls_write(uuid, udata, buf, count);
816
+ if (!s)
817
+ return 0;
788
818
  errno = EWOULDBLOCK;
789
819
  return -1;
790
820
  }
791
821
 
792
822
  static ssize_t fio_tls_flush4handshake(intptr_t uuid, void *udata) {
793
823
  // FIO_LOG_DEBUG("TLS handshake from flush %p", (void *)uuid);
794
- if (fio_tls_handshake(uuid, udata)) {
824
+ size_t s = fio_tls_handshake(uuid, udata);
825
+ if (s == FIO_TLS_HANDSHAKE_OK) {
795
826
  return fio_tls_flush(uuid, udata);
796
827
  }
828
+ if (!s)
829
+ return 0;
797
830
  errno = 0;
798
- return 1;
831
+ return s | FIO_TLS_HANDSHAKE_NEED_WRITE;
799
832
  }
833
+
800
834
  static fio_rw_hook_s FIO_TLS_HANDSHAKE_HOOKS = {
801
835
  .read = fio_tls_read4handshake,
802
836
  .write = fio_tls_write4handshake,
@@ -967,6 +1001,7 @@ file_missing:
967
1001
  */
968
1002
  void FIO_TLS_WEAK fio_tls_accept(intptr_t uuid, fio_tls_s *tls, void *udata) {
969
1003
  REQUIRE_LIBRARY();
1004
+ fio_timeout_set(uuid, FIO_TLS_TIMEOUT);
970
1005
  fio_tls_attach2uuid(uuid, tls, udata, 1);
971
1006
  }
972
1007
 
@@ -1007,6 +1042,7 @@ void FIO_TLS_WEAK fio_tls_destroy(fio_tls_s *tls) {
1007
1042
  cert_ary_free(&tls->sni);
1008
1043
  trust_ary_free(&tls->trust);
1009
1044
  free(tls);
1045
+ FIO_LOG_DEBUG("freed TLS context %p", (void *)tls);
1010
1046
  }
1011
1047
 
1012
1048
  #endif /* Library compiler flags */
@@ -874,19 +874,23 @@ static uint8_t fio_http_at_capa = 0;
874
874
 
875
875
  static void http_on_server_protocol_http1(intptr_t uuid, void *set,
876
876
  void *ignr_) {
877
- fio_timeout_set(uuid, ((http_settings_s *)set)->timeout);
878
- if (fio_uuid2fd(uuid) >= ((http_settings_s *)set)->max_clients) {
879
- if (!fio_http_at_capa)
880
- FIO_LOG_WARNING("HTTP server at capacity");
881
- fio_http_at_capa = 1;
882
- http_send_error2(uuid, 503, set);
883
- fio_close(uuid);
877
+ if ((unsigned int)fio_uuid2fd(uuid) >=
878
+ ((http_settings_s *)set)->max_clients) {
879
+ if (fio_uuid2fd(uuid) != -1) {
880
+ if (!fio_http_at_capa)
881
+ FIO_LOG_WARNING("HTTP server at capacity");
882
+ fio_http_at_capa = 1;
883
+ http_send_error2(uuid, 503, set);
884
+ fio_close(uuid);
885
+ }
884
886
  return;
885
887
  }
886
888
  fio_http_at_capa = 0;
887
889
  fio_protocol_s *pr = http1_new(uuid, set, NULL, 0);
888
890
  if (!pr)
889
891
  fio_close(uuid);
892
+ else
893
+ fio_timeout_set(uuid, ((http_settings_s *)set)->timeout);
890
894
  (void)ignr_;
891
895
  }
892
896
 
@@ -786,7 +786,8 @@ fio_protocol_s *http1_new(uintptr_t uuid, http_settings_s *settings,
786
786
  if (unread_data && unread_length > HTTP_MAX_HEADER_LENGTH)
787
787
  return NULL;
788
788
  http1pr_s *p = fio_malloc(sizeof(*p) + HTTP_MAX_HEADER_LENGTH);
789
- // FIO_LOG_DEBUG("Allocated HTTP/1.1 protocol at. %p", (void *)p);
789
+ // FIO_LOG_DEBUG("Allocated HTTP/1.1 protocol %p(%d)=>%p", (void *)uuid,
790
+ // (int)fio_uuid2fd(uuid), (void *)p);
790
791
  FIO_ASSERT_ALLOC(p);
791
792
  *p = (http1pr_s){
792
793
  .p.protocol =
@@ -817,8 +818,9 @@ void http1_destroy(fio_protocol_s *pr) {
817
818
  http1pr_s *p = (http1pr_s *)pr;
818
819
  http1_pr2handle(p).status = 0;
819
820
  http_s_destroy(&http1_pr2handle(p), 0);
821
+ // FIO_LOG_DEBUG("Deallocating HTTP/1.1 protocol %p(%d)=>%p", (void
822
+ // *)p->p.uuid, (int)fio_uuid2fd(p->p.uuid), (void *)p);
820
823
  fio_free(p);
821
- // FIO_LOG_DEBUG("Deallocated HTTP/1.1 protocol at. %p", (void *)p);
822
824
  }
823
825
 
824
826
  /* *****************************************************************************
@@ -208,22 +208,8 @@ static VALUE iodine_tls_alpn(VALUE self, VALUE protocol_name) {
208
208
  }
209
209
 
210
210
  /**
211
- Loads the mustache template found in `:filename`. If `:template` is provided
212
- it will be used instead of reading the file's content.
213
-
214
- Iodine::Mustache.new(filename, template = nil)
215
-
216
- When template data is provided, filename (if any) will only be used for
217
- partial template path resolution and the template data will be used for the
218
- template's content. This allows, for example, for front matter to be extracted
219
- before parsing the template.
220
-
221
- Once a template was loaded, it could be rendered using {render}.
222
-
223
- Accepts named arguments as well:
224
-
225
- Iodine::Mustache.new(filename: "foo.mustache", template: "{{ bar }}")
226
-
211
+ Creates a new {Iodine::TLS} object and calles the {#use_certificate} method with
212
+ the supplied arguments.
227
213
  */
228
214
  static VALUE iodine_tls_new(int argc, VALUE *argv, VALUE self) {
229
215
  if (argc) {
@@ -1,3 +1,3 @@
1
1
  module Iodine
2
- VERSION = '0.7.39'.freeze
2
+ VERSION = '0.7.40'.freeze
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: iodine
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.7.39
4
+ version: 0.7.40
5
5
  platform: ruby
6
6
  authors:
7
7
  - Boaz Segev
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-05-18 00:00:00.000000000 Z
11
+ date: 2020-05-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rake
@@ -243,7 +243,7 @@ licenses:
243
243
  metadata:
244
244
  allowed_push_host: https://rubygems.org
245
245
  post_install_message: |-
246
- Thank you for installing Iodine 0.7.39.
246
+ Thank you for installing Iodine 0.7.40.
247
247
  Remember: if iodine supports your business, it's only fair to give value back (code contributions / donations).
248
248
  rdoc_options: []
249
249
  require_paths: