From df8e511381f457bb9b2e2c85142585ea86114ffc Mon Sep 17 00:00:00 2001
From: Robert Larsen
Date: Fri, 23 Aug 2019 10:55:47 +0200
Subject: [PATCH] Added mbedtls_net_close and use it in ssl_fork_server to correctly disassociate the client socket from the parent process and the server socket from the child process.
---
 include/mbedtls/net_sockets.h | 7 +++++++
 library/net_sockets.c | 13 +++++++++++++
 programs/ssl/ssl_fork_server.c | 3 ++-
 3 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h
index df42b450c..adb589ee9 100644
--- a/include/mbedtls/net_sockets.h
+++ b/include/mbedtls/net_sockets.h
@@ -257,6 +257,13 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
 int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
 uint32_t timeout );
+/**
+ * \brief Closes down the connection and free associated data
+ *
+ * \param ctx The context to close
+ */
+void mbedtls_net_close( mbedtls_net_context *ctx );
+
 /**
 * \brief Gracefully shutdown the connection and free associated data
 *
diff --git a/library/net_sockets.c b/library/net_sockets.c
index 5d538bfd5..c7b358d05 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -651,6 +651,19 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len )
 return( ret );
 }
+/*
+ * Close the connection
+ */
+void mbedtls_net_close( mbedtls_net_context *ctx )
+{
+ if( ctx->fd == -1 )
+ return;
+
+ close( ctx->fd );
+
+ ctx->fd = -1;
+}
+
 /*
 * Gracefully close the connection
 */
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 80407e49a..851bc0536 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -254,6 +254,7 @@ int main( void )
 if( pid != 0 )
 {
 mbedtls_printf( " ok\n" );
+ mbedtls_net_close( &client_fd );
 if( ( ret = mbedtls_ctr_drbg_reseed( &ctr_drbg,
 (const unsigned char *) "parent",
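Review bot: In include/mbedtls/net_sockets.h the new doc comment for mbedtls_net_close does not say how it differs from the graceful-shutdown entry documented right below it, and "free associated data" reads as if the two were interchangeable. Going by the commit message, the contract is that only this process's descriptor is released and the connection itself is left up for the other side of a fork(). I would word it as `\brief Close this process's socket descriptor without shutting down the connection` and add a `\note` saying it is intended for the descriptor copy that a parent or child does not use after fork(). The `Close the connection` comment above the definition in library/net_sockets.c should get the same wording.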
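Review bot: In library/net_sockets.c, mbedtls_net_close repeats a guard, close and reset-to-minus-one sequence that the graceful close function following it presumably also contains (its body is outside the hunk). If that is the case, let the graceful function perform its shutdown step and then call `mbedtls_net_close( ctx );`, so the descriptor is invalidated in exactly one place. Keeping a single copy prevents the two paths from drifting apart, for example one of them losing the `ctx->fd = -1;` reset and allowing a second close on a descriptor number that has since been reused.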
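Review bot: In programs/ssl/ssl_fork_server.c the added `mbedtls_net_close( &client_fd );` in the parent branch carries no comment on why the plain close is used rather than the graceful free, so a later cleanup could swap them; a shutdown on the socket shared with the child would presumably end the session the child is serving. Suggest `/* Parent: release our copy only, the child owns this connection */` above the call. The child-side `mbedtls_net_close( &listen_fd );` in the following hunk deserves the matching `/* Child: drop the inherited listening socket */`. The enclosing parent branch continues past the end of this hunk.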
@@ -266,7 +267,7 @@ int main( void )
 continue;
 }
- mbedtls_net_init( &listen_fd );
+ mbedtls_net_close( &listen_fd );
 pid = getpid();