مراية لـ
https://github.com/postalserver/postal.git
تم المزامنة 2026-01-22 07:38:18 +00:00
Use non-blocking function to negotiate TLS connections
هذا الالتزام موجود في:
Charlie Smurthwaite
ملتزم من قبل
GitHub
GitHub
الأصل
83fef0e8a0
التزام
a7dd19baac
@@ -131,6 +131,23 @@ module Postal
|
|||||||
client = monitor.value
|
client = monitor.value
|
||||||
# For now we assume the connection isn't closed
|
# For now we assume the connection isn't closed
|
||||||
eof = false
|
eof = false
|
||||||
|
# Is the client negotiating a TLS handshake?
|
||||||
|
if client.start_tls?
|
||||||
|
begin
|
||||||
|
# Can we accept the TLS connection at this time?
|
||||||
|
io.accept_nonblock()
|
||||||
|
# We were able to accept the connection, the client is no longer handshaking
|
||||||
|
client.start_tls = false
|
||||||
|
rescue IO::WaitReadable, IO::WaitWritable => e
|
||||||
|
# Could not accept without blocking
|
||||||
|
# We will try again later
|
||||||
|
next
|
||||||
|
rescue OpenSSL::SSL::SSLError => e
|
||||||
|
client.log "SSL Negotiation Failed: #{e.message}"
|
||||||
|
eof = true
|
||||||
|
end
|
||||||
|
else
|
||||||
|
# The client is not negotiating a TLS handshake at this time
|
||||||
begin
|
begin
|
||||||
# Read 10kiB of data at a time from the socket.
|
# Read 10kiB of data at a time from the socket.
|
||||||
# There is an extra step for SSL sockets
|
# There is an extra step for SSL sockets
|
||||||
@@ -174,31 +191,22 @@ module Postal
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
# If the client requested we start TLS, do it now
|
|
||||||
|
# Did the client request STARTTLS?
|
||||||
if !eof && client.start_tls?
|
if !eof && client.start_tls?
|
||||||
# Clear the request
|
|
||||||
client.start_tls = false
|
|
||||||
# Deregister the unencrypted IO
|
# Deregister the unencrypted IO
|
||||||
@io_selector.deregister(io)
|
@io_selector.deregister(io)
|
||||||
buffers.delete(io)
|
buffers.delete(io)
|
||||||
# Prepare TLS on the socket
|
|
||||||
tcp_io = io
|
|
||||||
io = OpenSSL::SSL::SSLSocket.new(io, ssl_context)
|
io = OpenSSL::SSL::SSLSocket.new(io, ssl_context)
|
||||||
|
# Close the underlying IO when the TLS socket is closed
|
||||||
|
io.sync_close = true
|
||||||
# Register the new TLS socket with nio
|
# Register the new TLS socket with nio
|
||||||
monitor = @io_selector.register(io, :r)
|
monitor = @io_selector.register(io, :r)
|
||||||
monitor.value = client
|
monitor.value = client
|
||||||
# Close the underlying IO when the TLS socket is closed
|
|
||||||
io.sync_close = true
|
|
||||||
begin
|
|
||||||
# Start TLS negotiation
|
|
||||||
io.accept
|
|
||||||
rescue OpenSSL::SSL::SSLError => e
|
|
||||||
client.log "SSL Negotiation Failed: #{e.message}"
|
|
||||||
eof = true
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
# Has the clint requested we close the connection?
|
# Has the client requested we close the connection?
|
||||||
if client.finished? || eof
|
if client.finished? || eof
|
||||||
client.log "\e[35m Connection closed\e[0m"
|
client.log "\e[35m Connection closed\e[0m"
|
||||||
# Deregister the socket and close it
|
# Deregister the socket and close it
|
||||||
|
|||||||
المرجع في مشكلة جديدة
حظر مستخدم