On Monday 25 June 2007 10:14, demerphq wrote: > On 6/25/07, Frank Sweetser <[EMAIL PROTECTED]> wrote: > > Kern Sibbald wrote: > > > OK, comment out line 578 of <bacula-source>/src/lib/tls.c that reads: > > > > > > bnet_restore_blocking(bsock, flags); > > > > I tried this, and it didn't seem to make any difference - TCP streams still > > closed out with RST. I noticed the commends in tls_bsock_shutdown about > > calling SSL_shutdown twice. I searched around a bit, and found this: > > > > http://www.openssl.org/docs/ssl/SSL_shutdown.html > > > > "It is therefore recommended, to check the return value of SSL_shutdown() and > > call SSL_shutdown() again, if the bidirectional shutdown is not yet complete > > (return value of the first call is 0)." > > > > So I tried doing this (see attached patch), and the RST was gone! All TCP > > streams closed out nicely with FIN/ACK. I've put this fix on the systems that > > have been failing, and will report back after tonight's backup run. > > > > -- > > Frank Sweetser fs at wpi.edu | For every problem, there is a solution that > > WPI Network Engineer | is simple, elegant, and wrong. - HL Mencken > > GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC > > > > --- bacula-2.0.3/src/lib/tls.c 2007-01-23 20:59:13.000000000 -0500 > > +++ bacula-2.0.3-ssl-double-shutdown/src/lib/tls.c 2007-06-24 18:02:15.000000000 -0400 > > @@ -561,6 +561,10 @@ > > > > err = SSL_shutdown(bsock->tls->openssl); > > > > + if(err == 0){ > > + err = SSL_shutdown(bsock->tls->openssl); > > + } > > + > > switch (SSL_get_error(bsock->tls->openssl, err)) { > > case SSL_ERROR_NONE: > > break; > > Should that not have a sleep in there before the second call or > something? Or even be written something like: > > { > int x=0; > while (x<100 && !(err = SSL_shutdown(bsock->tls->openssl))) { x++; > /*sleep here?*/} > if(x==100 && !err) { /* some error message */ } > } > > I admit however that i havent read the docs and that this is just a > knee jerk thought which may be unnecessary, but i see no reason that > its guanteed that the bidirectional shutdown is concluded by the time > the second call is made.
The socket has been reset to block, so in principle, both the calls should wait the appropriate amount of time. > > Cheers, > Yves > > -- > perl -Mre=debug -e "/just|another|perl|hacker/" > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Bacula-devel mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/bacula-devel > ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Bacula-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/bacula-devel
