Sebastian Hagedorn wrote:
> The only reason I could imagine for the sequence of calls was signal
> handling. But let's be methodical. There's only one spot where
> SSL_accept() is called: in tls_start_servertls(). In pop3d.c that's only
> called in cmd_starttls(). That in turn is called either in cmdloop (for
> handling of STLS) or in service_main() for connections to port 995.
Actually, now that I think about it, I believe SSL_accept() can be
called from SSL_read() at any time if a renegotiation is required.
Since shut_down() calls prot_fill(), which in turn can call SSL_read(),
its possible that we can get an SSL_accept() call. Before I start
hacking code, can you apply the following patch (sorry about the line
breaks) and see if I'm heading in the right direction? Let me know if
you get any of the WARNING messages in your logs.
--- prot.c.~1.93.~ 2007-11-16 11:21:56.000000000 -0500
+++ prot.c 2007-11-16 11:23:32.000000000 -0500
@@ -468,6 +468,7 @@
/* just do a SSL read instead if we're under a tls layer */
if (s->tls_conn != NULL) {
n = SSL_read(s->tls_conn, (char *) s->buf, PROT_BUFSIZE);
+ if (n <= 0) syslog(LOG_WARNING, "SSL_read() returned %d", n);
} else {
n = read(s->fd, s->buf, PROT_BUFSIZE);
}
--
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
