[Dovecot] imap-login hanging when firewall blocks ssl handshaking
Ben Morrow
ben at morrow.me.uk
Fri Nov 30 00:12:18 EET 2012
At 10PM +0200 on 29/11/12 Timo Sirainen wrote:
> On 29.11.2012, at 17.42, Erik A Johnson wrote:
>
> > No, the test to bug out doesn't work because net_geterror(proxy->fd_ssl) returns 0 in the statement
> >
> > if (!proxy->client_proxy &&
> > net_geterror(proxy->fd_ssl) == ENOTCONN) {
> >
> > However, errno is indeed ENOTCONN. Changing the test to
> >
> > if (!proxy->client_proxy &&
> > errno == ENOTCONN) {
>
> This change isn't very reliable, since the previous call might not
> have been read().. I wonder if something like would work:
>
> if (!proxy->client && read(proxy->fd_ssl, &err, 0) < 0 && errno == ENOTCONN) {
How about calling getpeername on fd_ssl? That should reliably tell you
if the socket is connected or not. http://cr.yp.to/docs/connect.html
suggests that read is not always a reliable test for that.
Ben
More information about the dovecot
mailing list