One more attempt: stuck processes

Ken Murchison murch at
Fri Nov 16 11:27:52 EST 2007

Sebastian Hagedorn wrote:

> The only reason I could imagine for the sequence of calls was signal 
> handling. But let's be methodical. There's only one spot where 
> SSL_accept() is called: in tls_start_servertls(). In pop3d.c that's only 
> called in cmd_starttls(). That in turn is called either in cmdloop (for 
> handling of STLS) or in service_main() for connections to port 995.

Actually, now that I think about it, I believe SSL_accept() can be 
called from SSL_read() at any time if a renegotiation is required. 
Since shut_down() calls prot_fill(), which in turn can call SSL_read(), 
its possible that we can get an SSL_accept() call.  Before I start 
hacking code, can you apply the following patch (sorry about the line 
breaks) and see if I'm heading in the right direction?  Let me know if 
you get any of the WARNING messages in your logs.

--- prot.c.~1.93.~	2007-11-16 11:21:56.000000000 -0500
+++ prot.c	2007-11-16 11:23:32.000000000 -0500
@@ -468,6 +468,7 @@
  	    /* just do a SSL read instead if we're under a tls layer */
  	    if (s->tls_conn != NULL) {
  		n = SSL_read(s->tls_conn, (char *) s->buf, PROT_BUFSIZE);
+		if (n <= 0) syslog(LOG_WARNING, "SSL_read() returned %d", n);
  	    } else {
  		n = read(s->fd, s->buf, PROT_BUFSIZE);
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University

More information about the Info-cyrus mailing list