bartoszek/zephyr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

net: sockets: tls: Prevent infinite block during handshake

Browse Source 
In case peer goes down or we disconnect from the network during the
TLS handshake, the TLS socket may block indefinitely during
connect()/accept(), waiting for data from the peer. This should be
avoided, hence use the preconfigured timeout for the TLS handshake,
same as we use for TCP-level handshake.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This commit is contained in:
Robert Lubos 2024-09-16 16:52:34 +02:00 committed by Anas Nashif
parent 086e4f84ed
commit fc007eeef5
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
subsys/net/lib/sockets/sockets_tls.c
View File

@ -2181,7 +2181,8 @@ int ztls_connect_ctx(struct tls_context *ctx, const struct sockaddr *addr,
/* TODO For simplicity, TLS handshake blocks the socket
* even for non-blocking socket.
*/
ret = tls_mbedtls_handshake(ctx, K_FOREVER);
ret = tls_mbedtls_handshake(
ctx, K_MSEC(CONFIG_NET_SOCKETS_CONNECT_TIMEOUT));
if (ret < 0) {
goto error;
}
@ -2238,7 +2239,8 @@ int ztls_accept_ctx(struct tls_context *parent, struct sockaddr *addr,
/* TODO For simplicity, TLS handshake blocks the socket even for
* non-blocking socket.
*/
ret = tls_mbedtls_handshake(child, K_FOREVER);
ret = tls_mbedtls_handshake(
child, K_MSEC(CONFIG_NET_SOCKETS_CONNECT_TIMEOUT));
if (ret < 0) {
goto error;
}
@ -2379,6 +2381,9 @@ static ssize_t sendto_dtls_client(struct tls_context *ctx, const void *buf,
/* TODO For simplicity, TLS handshake blocks the socket even for
* non-blocking socket.
* DTLS handshake timeout/retransmissions are limited by
* mbed TLS, so K_FOREVER is fine here, the function will not
* block indefinitely.
*/
ret = tls_mbedtls_handshake(ctx, K_FOREVER);
if (ret < 0) {