author | Todd C. Miller <Todd.Miller@sudo.ws> | 2021-04-26 17:05:34 -0600 |
---|---|---|
committer | Todd C. Miller <Todd.Miller@sudo.ws> | 2021-04-26 17:05:34 -0600 |
commit | 2a04571252760229b0683f89415f0be0adefe3cf (patch) | |
tree | f0c42ef0fc0e49b16c6bc39c52e2a2f24a39a292 /logsrvd/logsrvd.c | |
parent | f1ba74f925e404b1bc6583bba8b101456d3355d4 (diff) | |
download | sudo-2a04571252760229b0683f89415f0be0adefe3cf.tar.gz |
Recover if the client or relay server closes the TLS connection uncleanly.
The other end of the connection should perform a proper TLS shutdown
but as long as we are in the correct state there is no need to treat
this as a user-visible error.
Diffstat (limited to 'logsrvd/logsrvd.c')
-rw-r--r-- | logsrvd/logsrvd.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/logsrvd/logsrvd.c b/logsrvd/logsrvd.c
index 12ec8a8e5..c4d3c0edf 100644
--- a/logsrvd/logsrvd.c
+++ b/logsrvd/logsrvd.c
@@ -122,6 +122,8 @@ connection_closure_free(struct connection_closure *closure)
 #if defined(HAVE_OPENSSL)
 sudo_ev_free(closure->ssl_accept_ev);
 if (closure->ssl != NULL) {
+ sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
+ "closing down TLSÂ connection from %s", closure->ipaddr);
 SSL_shutdown(closure->ssl);
 SSL_free(closure->ssl);
 }
@@ -1268,10 +1270,17 @@ client_msg_cb(int fd, int what, void *v)
 closure->read_instead_of_write = true;
 debug_return;
 case SSL_ERROR_SYSCALL:
+ if (nread == 0) {
+ /* EOF, handled below */
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "EOF from %s without proper TLS shutdown",
+ closure->ipaddr);
+ break;
+ }
 sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
- "unexpected error during SSL_read(): %d (%s)",
- err, strerror(errno));
- goto close_connection;
+ "SSL_read from %s: %s", closure->ipaddr,
+ strerror(errno));
+ goto close_connection;
 default:
 sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
 "unexpected error during SSL_read(): %d (%s)", |
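Review bot: The new INFO message in connection_closure_free() is emitted just before an `SSL_shutdown(closure->ssl);` whose return value is ignored, and that call is presumably also reached for connections torn down after a fatal read error. OpenSSL's SSL_get_error documentation says SSL_shutdown() must not be called once SSL_ERROR_SYSCALL or SSL_ERROR_SSL has been reported, and the second hunk's `break` and `goto close_connection` paths appear to end up here; the teardown code is outside the diff, so this is inferred. Consider recording the fatal TLS error on the closure and skipping the shutdown in that case, and logging the SSL_shutdown() result so the debug log shows whether close_notify was actually sent. The function body starts and ends outside the hunk.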
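Review bot: The `if (nread == 0)` branch under `case SSL_ERROR_SYSCALL:` recognises an unclean close only on OpenSSL versions that report it that way. OpenSSL 3.0 and later report an unexpected EOF as SSL_ERROR_SSL with reason SSL_R_UNEXPECTED_EOF_WHILE_READING (unless SSL_OP_IGNORE_UNEXPECTED_EOF is set), which would land in the `default:` arm and still be logged as an unexpected error. A missing close_notify is also the only signal that separates a truncated stream from a finished one, and here it is recorded only through sudo_debug_printf(). Whether the "correct state" check mentioned in the commit message rejects a log that was cut short is decided below the hunk and cannot be confirmed from here. A comment on the branch such as `/* No close_notify: only acceptable if the session already reached a terminal state (checked below) */` would make that dependency explicit.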