On 6/25/07, Frank Sweetser <[EMAIL PROTECTED]> wrote:
> Kern Sibbald wrote:
> > OK, comment out line 578 of <bacula-source>/src/lib/tls.c that reads:
> >
> > bnet_restore_blocking(bsock, flags);
>
> I tried this, and it didn't seem to make any difference - TCP streams still
> closed out with RST. I noticed the commends in tls_bsock_shutdown about
> calling SSL_shutdown twice. I searched around a bit, and found this:
>
> http://www.openssl.org/docs/ssl/SSL_shutdown.html
>
> "It is therefore recommended, to check the return value of SSL_shutdown() and
> call SSL_shutdown() again, if the bidirectional shutdown is not yet complete
> (return value of the first call is 0)."
>
> So I tried doing this (see attached patch), and the RST was gone! All TCP
> streams closed out nicely with FIN/ACK. I've put this fix on the systems that
> have been failing, and will report back after tonight's backup run.
>
> --
> Frank Sweetser fs at wpi.edu | For every problem, there is a solution that
> WPI Network Engineer | is simple, elegant, and wrong. - HL Mencken
> GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC
>
> --- bacula-2.0.3/src/lib/tls.c 2007-01-23 20:59:13.000000000 -0500
> +++ bacula-2.0.3-ssl-double-shutdown/src/lib/tls.c 2007-06-24
> 18:02:15.000000000 -0400
> @@ -561,6 +561,10 @@
>
> err = SSL_shutdown(bsock->tls->openssl);
>
> + if(err == 0){
> + err = SSL_shutdown(bsock->tls->openssl);
> + }
> +
> switch (SSL_get_error(bsock->tls->openssl, err)) {
> case SSL_ERROR_NONE:
> break;
Should that not have a sleep in there before the second call or
something? Or even be written something like:
{
int x=0;
while (x<100 && !(err = SSL_shutdown(bsock->tls->openssl))) { x++;
/*sleep here?*/}
if(x==100 && !err) { /* some error message */ }
}
I admit however that i havent read the docs and that this is just a
knee jerk thought which may be unnecessary, but i see no reason that
its guanteed that the bidirectional shutdown is concluded by the time
the second call is made.
Cheers,
Yves
--
perl -Mre=debug -e "/just|another|perl|hacker/"
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Bacula-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bacula-devel
