[tor-commits] [tor/release-0.4.4] NSS: Tell NSS that our SSL sockets are nonblocking.
ahf at torproject.org
ahf at torproject.org
Tue Jul 14 14:50:57 UTC 2020
commit 40eb6b19a33f1261168e5d64ba162d6f7d80e5a1
Author: Nick Mathewson <nickm at torproject.org>
Date: Fri Jul 10 13:14:33 2020 -0400
NSS: Tell NSS that our SSL sockets are nonblocking.
Closes ticket 40035.
---
changes/ticket40035 | 5 +++++
src/lib/tls/tortls_nss.c | 10 ++++++++++
2 files changed, 15 insertions(+)
diff --git a/changes/ticket40035 b/changes/ticket40035
new file mode 100644
index 0000000000..8cdd447199
--- /dev/null
+++ b/changes/ticket40035
@@ -0,0 +1,5 @@
+ o Major bugfixes (NSS):
+ - When running with NSS enabled, make sure that NSS knows to expect
+ nonblocking sockets. Previously, we set our TCP sockets as blocking,
+ but did not tell NSS about the fact, which in turn could lead to
+ unexpected blocking behavior. Fixes bug 40035; bugfix on 0.3.5.1-alpha.
diff --git a/src/lib/tls/tortls_nss.c b/src/lib/tls/tortls_nss.c
index 1436442e1c..6f6c47674e 100644
--- a/src/lib/tls/tortls_nss.c
+++ b/src/lib/tls/tortls_nss.c
@@ -418,6 +418,16 @@ tor_tls_new(tor_socket_t sock, int is_server)
return NULL;
}
+ /* even if though the socket is already nonblocking, we need to tell NSS
+ * about the fact, so that it knows what to do when it says EAGAIN. */
+ PRSocketOptionData data;
+ data.option = PR_SockOpt_Nonblocking;
+ data.value.non_blocking = 1;
+ if (PR_SetSocketOption(ssl, &data) != PR_SUCCESS) {
+ PR_Close(ssl);
+ return NULL;
+ }
+
tor_tls_t *tls = tor_malloc_zero(sizeof(tor_tls_t));
tls->magic = TOR_TLS_MAGIC;
tls->context = ctx;
More information about the tor-commits
mailing list