return 0;
}
-printf("SSL connection using %s\n", SSL_get_cipher (*ssl));
+/* printf("SSL connection using %s\n", SSL_get_cipher (*ssl)); */
return 1;
}
nextinput:
if (*inptr == 0) /* Refill input buffer */
{
+ unsigned char *inbufferp = inbuffer;
+
alarm(timeout);
- if (srv->tls_active)
- {
+ for (;;)
+ {
+ if (srv->tls_active)
+ {
#ifdef HAVE_OPENSSL
- int error;
- DEBUG { printf("call SSL_read\n"); fflush(stdout); }
- rc = SSL_read(srv->ssl, inbuffer, bsiz - 1);
- DEBUG { printf("SSL_read: %d\n", rc); fflush(stdout); }
- if (rc <= 0)
- switch (error = SSL_get_error(srv->ssl, rc))
- {
- case SSL_ERROR_ZERO_RETURN:
- break;
- case SSL_ERROR_SYSCALL:
- printf("%s\n", ERR_error_string(ERR_get_error(), NULL));
- rc = -1;
- break;
- case SSL_ERROR_SSL:
- printf("%s\nTLS terminated\n", ERR_error_string(ERR_get_error(), NULL));
- SSL_shutdown(srv->ssl);
- SSL_free(srv->ssl);
- srv->tls_active = FALSE;
- { /* OpenSSL leaves it in restartsys mode */
- struct sigaction act = {.sa_handler = sigalrm_handler_flag, .sa_flags = 0};
- sigalrm_seen = 1;
- sigaction(SIGALRM, &act, NULL);
+ int error;
+ DEBUG { printf("call SSL_read\n"); fflush(stdout); }
+ rc = SSL_read(srv->ssl, inbufferp, bsiz - (inbufferp - inbuffer) - 1);
+ DEBUG { printf("SSL_read: %d\n", rc); fflush(stdout); }
+ if (rc <= 0)
+ switch (error = SSL_get_error(srv->ssl, rc))
+ {
+ case SSL_ERROR_ZERO_RETURN:
+ break;
+ case SSL_ERROR_SYSCALL:
+ printf("%s\n", ERR_error_string(ERR_get_error(), NULL));
+ rc = -1;
+ break;
+ case SSL_ERROR_SSL:
+ printf("%s\nTLS terminated\n", ERR_error_string(ERR_get_error(), NULL));
+ SSL_shutdown(srv->ssl);
+ SSL_free(srv->ssl);
+ srv->tls_active = FALSE;
+ { /* OpenSSL leaves it in restartsys mode */
+ struct sigaction act = {.sa_handler = sigalrm_handler_flag, .sa_flags = 0};
+ sigalrm_seen = 1;
+ sigaction(SIGALRM, &act, NULL);
+ }
+ *inptr = 0;
+ DEBUG { printf("go round\n"); fflush(stdout); }
+ goto nextinput;
+ default:
+ printf("SSL error code %d\n", error);
}
- *inptr = 0;
- DEBUG { printf("go round\n"); fflush(stdout); }
- goto nextinput;
- default:
- printf("SSL error code %d\n", error);
- }
#endif
#ifdef HAVE_GNUTLS
- rc = gnutls_record_recv(tls_session, CS inbuffer, bsiz - 1);
+ retry1:
+ DEBUG { printf("call gnutls_record_recv\n"); fflush(stdout); }
+ rc = gnutls_record_recv(tls_session, CS inbufferp, bsiz - (inbufferp - inbuffer) - 1);
+ if (rc < 0)
+ {
+ DEBUG { printf("gnutls_record_recv: %s\n", gnutls_strerror(rc)); fflush(stdout); }
+ if (rc == GNUTLS_E_INTERRUPTED || rc == GNUTLS_E_AGAIN)
+ goto retry1;
+ printf("%s\n", gnutls_strerror(rc));
+ srv->tls_active = FALSE;
+ *inptr = 0;
+ DEBUG { printf("go round\n"); fflush(stdout); }
+ goto nextinput;
+ }
+ DEBUG { printf("gnutls_record_recv: %d\n", rc); fflush(stdout); }
#endif
- }
- else
- {
- DEBUG { printf("call read\n"); fflush(stdout); }
- rc = read(srv->sock, inbuffer, bsiz);
- DEBUG { printf("read: %d\n", rc); fflush(stdout); }
+ }
+ else
+ {
+ DEBUG { printf("call read\n"); fflush(stdout); }
+ rc = read(srv->sock, inbufferp, bsiz - (inbufferp - inbuffer) - 1);
+ DEBUG { printf("read: %d\n", rc); fflush(stdout); }
+ }
+
+ if (rc > 0) inbufferp[rc] = '\0';
+ if (rc <= 0 || strchr(inbufferp, '\n')) break;
+ inbufferp += rc;
+ if (inbufferp >= inbuffer + bsiz)
+ {
+ printf("Input buffer overrun, need more than %d bytes input buffer\n", bsiz);
+ exit(73);
+ }
+ DEBUG { printf("read more\n"); }
}
alarm(0);
{
if (errno == EINTR && sigalrm_seen && resp_optional)
continue; /* next scriptline */
- printf("Read error %s\n", strerror(errno));
+ printf("Read error: %s\n", strerror(errno));
exit(81);
}
else if (rc == 0)
exit(74);
}
else
- {
- inbuffer[rc] = 0;
inptr = inbuffer;
- }
}
DEBUG { printf("read: '%s'\n", inptr); fflush(stdout); }
#ifdef HAVE_GNUTLS
{
int rc;
+ fd_set rfd;
+ struct timeval tv = { 0, 2000 };
+
sigalrm_seen = FALSE;
alarm(timeout);
do {
alarm(0);
if (!srv->tls_active) printf("%s\n", gnutls_strerror(rc));
+
+ /* look for an error on the TLS conn */
+ FD_ZERO(&rfd);
+ FD_SET(srv->sock, &rfd);
+ if (select(srv->sock+1, &rfd, NULL, NULL, &tv) > 0)
+ {
+ retry2:
+ DEBUG { printf("call gnutls_record_recv\n"); fflush(stdout); }
+ rc = gnutls_record_recv(tls_session, CS inbuffer, bsiz - 1);
+ if (rc < 0)
+ {
+ DEBUG { printf("gnutls_record_recv: %s\n", gnutls_strerror(rc)); fflush(stdout); }
+ if (rc == GNUTLS_E_INTERRUPTED || rc == GNUTLS_E_AGAIN)
+ goto retry2;
+ printf("%s\n", gnutls_strerror(rc));
+ srv->tls_active = FALSE;
+ }
+ DEBUG { printf("gnutls_record_recv: %d\n", rc); fflush(stdout); }
+ }
}
#endif
srv_ctx srv;
-unsigned char inbuffer[10240];
+unsigned char inbuffer[100 * 1024];
unsigned char *inptr = inbuffer;
*inptr = 0; /* Buffer empty */
#if HAVE_IPV6
if (host_af == AF_INET6)
{
+# ifdef HAVE_GETADDRINFO
+ struct addrinfo hints, *res;
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = AF_INET6;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_NUMERICHOST;
+ if ((rc = getaddrinfo(address, NULL, &hints, &res)) != 0 || res == NULL)
+ {
+ printf("unable to parse \"%s\" as an IP address: %s\n", address,
+ rc == 0 ? "NULL result returned" : gai_strerror(rc));
+ exit(86);
+ }
+ memcpy(&s_in6, res->ai_addr, res->ai_addrlen);
+ freeaddrinfo(res);
+# else
memset(&s_in6, 0, sizeof(s_in6));
s_in6.sin6_family = AF_INET6;
- s_in6.sin6_port = htons(port);
if (inet_pton(host_af, address, &s_in6.sin6_addr) != 1)
{
printf("Unable to parse \"%s\"", address);
exit(86);
}
+# endif
+ s_in6.sin6_port = htons(port);
}
else
#endif
projects / exim.git / blobdiff