Commit fc007eee authored by Robert Lubos, committed by Anas Nashif

net: sockets: tls: Prevent infinite block during handshake



In case peer goes down or we disconnect from the network during the
TLS handshake, the TLS socket may block indefinitely during
connect()/accept(), waiting for data from the peer. This should be
avoided, hence use the preconfigured timeout for the TLS handshake,
same as we use for TCP-level handshake.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
parent 086e4f84
+7 −2
@@ -2181,7 +2181,8 @@ int ztls_connect_ctx(struct tls_context *ctx, const struct sockaddr *addr,
		/* TODO For simplicity, TLS handshake blocks the socket
		 * even for non-blocking socket.
		 */
		ret = tls_mbedtls_handshake(ctx, K_FOREVER);
		ret = tls_mbedtls_handshake(
			ctx, K_MSEC(CONFIG_NET_SOCKETS_CONNECT_TIMEOUT));
		if (ret < 0) {
			goto error;
		}
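Review bot: The TODO comment above the new `tls_mbedtls_handshake(ctx, K_MSEC(CONFIG_NET_SOCKETS_CONNECT_TIMEOUT))` call in ztls_connect_ctx still only says that the handshake blocks the socket. It should now state that the block is bounded by CONFIG_NET_SOCKETS_CONNECT_TIMEOUT, and whether that value limits the whole handshake or each individual wait for peer data. Since the commit message says the same timeout is already used for the TCP-level handshake, it is also worth documenting that connect() on a TLS socket can take up to the TCP timeout plus the TLS handshake timeout, and which errno the caller sees when the handshake times out through the `goto error` path.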
@@ -2238,7 +2239,8 @@ int ztls_accept_ctx(struct tls_context *parent, struct sockaddr *addr,
	/* TODO For simplicity, TLS handshake blocks the socket even for
	 * non-blocking socket.
	 */
	ret = tls_mbedtls_handshake(child, K_FOREVER);
	ret = tls_mbedtls_handshake(
		child, K_MSEC(CONFIG_NET_SOCKETS_CONNECT_TIMEOUT));
	if (ret < 0) {
		goto error;
	}
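Review bot: In ztls_accept_ctx the server-side handshake is now bounded by CONFIG_NET_SOCKETS_CONNECT_TIMEOUT, an option whose name refers to connect. The option's help text should mention that it also applies to accept(), or a separate handshake timeout option should be considered so that a server can choose a shorter limit for peers that stall after the TCP connection is established. Please also confirm that the `goto error` path releases `child` when the handshake times out, since that path is now taken in a case that previously never returned.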
@@ -2379,6 +2381,9 @@ static ssize_t sendto_dtls_client(struct tls_context *ctx, const void *buf,

		/* TODO For simplicity, TLS handshake blocks the socket even for
		 * non-blocking socket.
		 * DTLS handshake timeout/retransmissions are limited by
		 * mbed TLS, so K_FOREVER is fine here, the function will not
		 * block indefinitely.
		 */
		ret = tls_mbedtls_handshake(ctx, K_FOREVER);
		if (ret < 0) {
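Review bot: The added comment lines in sendto_dtls_client justify keeping `K_FOREVER` by a limit enforced inside mbed TLS, but do not say where that limit is set. Name the mbed TLS handshake timeout setting the socket layer relies on, so a reader can check that the bound holds for the configuration in use. The new sentence is also a comma splice; splitting it after "fine here" would read better.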