[OpenSIPS-Devel] [OpenSIPS/opensips] 58977a: tls_openssl: fix openssl_tls_async_connect

Liviu Chircu noreply at github.com
Thu Apr 17 18:20:10 UTC 2025 

  Branch: refs/heads/master
  Home:   https://github.com/OpenSIPS/opensips
  Commit: 58977a99484120d32e1bf7968a54c140e6465e78
      https://github.com/OpenSIPS/opensips/commit/58977a99484120d32e1bf7968a54c140e6465e78
  Author: Your Name <your-email at example.com>
  Date:   2024-07-22 (Mon, 22 Jul 2024)

  Changed paths:
    M modules/tls_openssl/openssl_conn_ops.c

  Log Message:
  -----------
  tls_openssl: fix openssl_tls_async_connect

The `fd` value here is used with `poll()`/`select()` in the event that `SSL_connect()`
gives an `SSL_ERROR_WANT_WRITE` error. So we need to be polling/selecting on the fd that
is used by the underlying socket, which is the fd passed as an argument to the function,
rather than `con->fd`.

It seems to me that `handle_io()` updates `con->fd` to match the received fd number only
when the socket wants reading and not when it wants writing. When the socket wants writing
the correct fd to use is the one that is passed in the function argument, not the one
that is in `con->fd`.

The reasons this mostly worked before are:

1.  on a box that is not heavily-loaded you often end up with the same worker setting up
    the TLS session as opened the socket in the first place, so the fd in `con->fd happens
    to be correct.
2.  if `SSL_connect()` happily connects straight away, without an `SSL_ERROR_WANT_WRITE`,
    then you never run into a code path that uses the value in `fd` anyway.


  Commit: 3ee5b4fad0242732c731686ff7ff106849c6c8ef
      https://github.com/OpenSIPS/opensips/commit/3ee5b4fad0242732c731686ff7ff106849c6c8ef
  Author: Liviu Chircu <liviu at opensips.org>
  Date:   2025-04-17 (Thu, 17 Apr 2025)

  Changed paths:
    M modules/tls_openssl/openssl_conn_ops.c

  Log Message:
  -----------
  Merge pull request #3438 from jes/jes/fix-tls-async-connect-fd

tls_openssl: fix openssl_tls_async_connect


Compare: https://github.com/OpenSIPS/opensips/compare/6b2932908efd...3ee5b4fad024

To unsubscribe from these emails, change your notification settings at https://github.com/OpenSIPS/opensips/settings/notifications

More information about the Devel mailing list