nnrpd -S processes not timing out

[Russ Allbery]

Raf Tordil <raf at purdue.edu> writes:

> On our INN 2.4.1 server, we allow user authentication via port 563 and
> SSL. I have xinetd configured to start the nnrpd -S process for the
> connections on 563.  I've been finding a number of idle nnrpd processes
> started by xinetd that never go away.  I can duplicate this behavior by
> using telnet to connect to port 563 on the news server and then letting
> it sit there.  The short clienttimeout of 10 seconds does not break the
> connection, nor does the 60 minute timeout I have set.  An strace on
> these processes shows that it is in a read state on a socket.

> Has anyone else noticed this behavior and/or have a fix for it?  For
> now, I've set up a shell script running out of cron that does a search
> and destroy on these processes.

Yes, this is a problem.  nnrpd will go away if the network connection goes
away, but until then it will block waiting on the client.  The problem is
that doing timeouts properly in OpenSSL is hard; OpenSSL has no internal
support for timeouts and requires that one do non-blocking IO and check
with select before doing reads and writes to be able to time out a
negotiation.

This is something that I do intend to fix, but probably in the course of
rewriting the TLS layer in INN, so my guess is that it will be a 2.5
thing.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.