[ENBD] problem of ssl
Peter T. Breuer
ptb@oboe.it.uc3m.es
Sat, 13 Jan 2001 18:21:36 +0100 (MET)
"A month of sundays ago Peter T. Breuer wrote:"
> "A month of sundays ago EO2Y wrote:"
> > I download the nbd-2.2.29 and make test of it with using ssl.It still d=
oes not work. And the certificates also get built correctly.=20
>=20
> To follow up. 2.2.26 is alright wrt SSL. 2.2.27 is not.
The definitive change for 2.2.29 is to make the nbd-server.c code around
line 547 (search for "accept, " and move down one stanza) look like:
DEBUG("accept, ");
self->sock =3D accept(self->socket, (struct sockaddr *) &addrin, &a=
ddrinlen);
if (self->sock < 0) {
MSG(=E4ccept: %m\n");
err =3D -4;
goto fail;
}
=20
+#ifdef USING_SSL
+ if (!using_ssl) {
+#endif
if (fcntl(self->sock,F_SETFL,O_NONBLOCK) < 0) {
MSG("warning: fcntl NONBLOCK failed with %m\n");
}
+#ifdef USING_SSL
+ }
+#endif
=20
printf("server opened port #%d\n",self->port);
return self->sock;
Apparently the socket when used as a basis for SSL can't be
non-blocking.
Since this is a tiny fix, I just redid the .tgz on the archive site.
I know it's cheating. I also prepared the same fix for 2.2.28 and 2.2.27
but didn't have the heart to change the .tgz's.
There might be issues with reconnection. We opt to use the SSL
reconnection facilities instead of handling it in the driver
when TRY_SSL_RECONNECT is set, but I don't recall if that's the
default.
Maybe the fix for 2.4.* will be as simple.
Peter