INN commit: trunk/nnrpd (tls.c)
INN Commit
Russ_Allbery at isc.org
Mon May 19 17:10:03 UTC 2008
Date: Monday, May 19, 2008 @ 10:10:02
Author: iulius
Revision: 7834
Enable SO_KEEPALIVE on SSL TCP connections, on systems that support
it, so that the system detects and closes dead TCP SSL connections
automatically after a system-specified time (usually at least 2 hours,
as recommended by the RFC; on Linux, see
/proc/sys/net/ipv4/tcp_keepalive_*).
Thanks to Matija Nalis for the patch.
Modified:
trunk/nnrpd/tls.c
-------+
tls.c | 9 +++++++++
1 file changed, 9 insertions(+)
Modified: tls.c
===================================================================
--- tls.c 2008-05-18 20:04:35 UTC (rev 7833)
+++ tls.c 2008-05-19 17:10:02 UTC (rev 7834)
@@ -574,6 +574,7 @@
tls_start_servertls(int readfd, int writefd)
{
int sts;
+ int keepalive;
SSL_SESSION *session;
SSL_CIPHER *cipher;
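Review bot: `int keepalive;` is declared unconditionally here, but its only visible use is inside the `#if defined(SOL_SOCKET) && defined(SO_KEEPALIVE)` region added in the next hunk, so a build where either macro is missing gets an unused-variable warning. Wrapping the declaration in the same `#if` guard keeps both configurations warning-free. The body of tls_start_servertls continues outside this hunk.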
@@ -596,6 +597,14 @@
}
SSL_clear(tls_conn);
+#if defined(SOL_SOCKET) && defined(SO_KEEPALIVE)
+ /* Set KEEPALIVE to catch broken socket connections. */
+ keepalive = 1;
+ if (setsockopt(readfd, SOL_SOCKET, SO_KEEPALIVE, &keepalive, sizeof(keepalive)) < 0)
+ syslog(L_ERROR, "fd %d can't setsockopt(KEEPALIVE) %m", readfd);
+ if (setsockopt(writefd, SOL_SOCKET, SO_KEEPALIVE, &keepalive, sizeof(keepalive)) < 0)
+ syslog(L_ERROR, "fd %d can't setsockopt(KEEPALIVE) %m", writefd);
+#endif /* SOL_SOCKET && SO_KEEPALIVE */
/* set the file descriptors for SSL to use */
if (SSL_set_rfd(tls_conn, readfd)==0)
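Review bot: Both added `setsockopt` calls log at `L_ERROR` on any failure, so if `readfd` or `writefd` is ever not a socket, every TLS session start would emit error lines; whether this path can be reached with non-socket descriptors is not visible in the hunk and is worth confirming. When `readfd == writefd` the option is set twice on the same descriptor, which a guard such as `if (writefd != readfd && setsockopt(writefd, ...) < 0)` would avoid. The comment could also state the limit of the mechanism, for example `/* Detects dead peers only after the system keepalive idle time; does not replace an idle or handshake timeout. */`, since with the roughly two-hour default named in the commit message a half-open connection can hold resources for a long time. Where shorter detection is wanted, per-socket `TCP_KEEPIDLE`/`TCP_KEEPINTVL`/`TCP_KEEPCNT` can be set on platforms that define them. The body of tls_start_servertls starts and ends outside this hunk.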