Use non-blocking function to negotiate TLS connections

2026-01-22 15:48:18 +00:00 · 2022-11-09 13:55:17 +00:00
--- a/lib/postal/smtp_server/server.rb
+++ b/lib/postal/smtp_server/server.rb
@@ -131,6 +131,23 @@ module Postal
                client = monitor.value
                # For now we assume the connection isn't closed
                eof = false
+                # Is the client negotiating a TLS handshake?
+                if client.start_tls?
+                  begin
+                    # Can we accept the TLS connection at this time?
+                    io.accept_nonblock()
+                    # We were able to accept the connection, the client is no longer handshaking
+                    client.start_tls = false
+                  rescue IO::WaitReadable, IO::WaitWritable => e
+                    # Could not accept without blocking
+                    # We will try again later
+                    next
+                  rescue OpenSSL::SSL::SSLError => e
+                    client.log "SSL Negotiation Failed: #{e.message}"
+                    eof = true
+                  end
+                else
+                  # The client is not negotiating a TLS handshake at this time
                  begin
                    # Read 10kiB of data at a time from the socket.
                    # There is an extra step for SSL sockets
@@ -174,31 +191,22 @@ module Postal
                      end
                    end
                  end
-                # If the client requested we start TLS, do it now
+
+                  # Did the client request STARTTLS?
                  if !eof && client.start_tls?
-                  # Clear the request
-                  client.start_tls = false
                    # Deregister the unencrypted IO
                    @io_selector.deregister(io)
                    buffers.delete(io)
-                  # Prepare TLS on the socket
-                  tcp_io = io
                    io = OpenSSL::SSL::SSLSocket.new(io, ssl_context)
+                    # Close the underlying IO when the TLS socket is closed
+                    io.sync_close = true
                    # Register the new TLS socket with nio
                    monitor = @io_selector.register(io, :r)
                    monitor.value = client
-                  # Close the underlying IO when the TLS socket is closed
-                  io.sync_close = true
-                  begin
-                    # Start TLS negotiation
-                    io.accept
-                  rescue OpenSSL::SSL::SSLError => e
-                    client.log "SSL Negotiation Failed: #{e.message}"
-                    eof = true
                  end
                end

-                # Has the clint requested we close the connection?
+                # Has the client requested we close the connection?
                if client.finished? || eof
                  client.log "\e[35m   Connection closed\e[0m"
                  # Deregister the socket and close it