From fa03dcfff6a5215ef06c1e579eddb0f5c09f8798 Mon Sep 17 00:00:00 2001
From: Andrei Vagin <avagin@gmail.com>
Date: Wed, 22 Dec 2021 09:36:09 -0800
Subject: [PATCH 095/120] tls: allow to terminate connections synchronously
GNUTLS_SHUT_RDWR sends an alert containing a close request and waits for
the peer to reply with the same message.
Signed-off-by: Andrei Vagin <avagin@gmail.com>
---
criu/include/tls.h | 4 ++--
criu/page-xfer.c | 5 +++--
criu/tls.c | 6 +++---
3 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/criu/include/tls.h b/criu/include/tls.h
index 26f9976fd..f563c092c 100644
--- a/criu/include/tls.h
+++ b/criu/include/tls.h
@@ -4,7 +4,7 @@
#ifdef CONFIG_GNUTLS
int tls_x509_init(int sockfd, bool is_server);
-void tls_terminate_session(void);
+void tls_terminate_session(bool async);
ssize_t tls_send(const void *buf, size_t len, int flags);
ssize_t tls_recv(void *buf, size_t len, int flags);
@@ -19,7 +19,7 @@ int tls_recv_data_to_fd(int fd, unsigned long len);
#define tls_recv(buf, len, flags) (-1)
#define tls_send_data_from_fd(fd, len) (-1)
#define tls_recv_data_to_fd(fd, len) (-1)
-#define tls_terminate_session()
+#define tls_terminate_session(async)
#endif /* CONFIG_HAS_GNUTLS */
diff --git a/criu/page-xfer.c b/criu/page-xfer.c
index 9adf2c8b2..7ff07680f 100644
--- a/criu/page-xfer.c
+++ b/criu/page-xfer.c
@@ -1259,6 +1259,8 @@ static int page_server_serve(int sk)
ret = -1;
}
+ tls_terminate_session(ret != 0);
+
if (ret == 0 && opts.ps_socket == -1) {
char c;
@@ -1272,7 +1274,6 @@ static int page_server_serve(int sk)
}
}
- tls_terminate_session();
page_server_close();
pr_info("Session over\n");
@@ -1504,7 +1505,7 @@ int disconnect_from_page_server(void)
ret = 0;
out:
- tls_terminate_session();
+ tls_terminate_session(ret != 0);
close_safe(&page_server_sk);
return ret ?: status;
diff --git a/criu/tls.c b/criu/tls.c
index 9985b037d..4feaf613b 100644
--- a/criu/tls.c
+++ b/criu/tls.c
@@ -31,7 +31,7 @@ static gnutls_certificate_credentials_t x509_cred;
static int tls_sk = -1;
static int tls_sk_flags = 0;
-void tls_terminate_session(void)
+void tls_terminate_session(bool async)
{
int ret;
@@ -44,7 +44,7 @@ void tls_terminate_session(void)
* Initiate a connection shutdown but don't
* wait for peer to close connection.
*/
- ret = gnutls_bye(session, GNUTLS_SHUT_WR);
+ ret = gnutls_bye(session, async ? GNUTLS_SHUT_WR : GNUTLS_SHUT_RDWR);
} while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
/* Free the session object */
gnutls_deinit(session);
@@ -399,6 +399,6 @@ int tls_x509_init(int sockfd, bool is_server)
return 0;
err:
- tls_terminate_session();
+ tls_terminate_session(true);
return -1;
}
--
2.34.1