[prev in list] [next in list] [prev in thread] [next in thread]
List: libreswan-dev
Subject: [Swan-dev] release_whack() not causing whack fd to be released?
From: Paul Wouters <paul () nohats ! ca>
Date: 2016-10-12 20:33:31
Message-ID: alpine.LRH.2.20.1610121628010.21397 () bofh ! nohats ! ca
[Download RAW message or body]
While adding tests for nss/ocsp (nss-cert-10-notyetvalid-responder) I
noticed that the whack isn't released in the STF_FAIL case:
west #
ipsec auto --up nss-cert
002 "nss-cert" #1: initiating Main Mode
104 "nss-cert" #1: STATE_MAIN_I1: initiate
106 "nss-cert" #1: STATE_MAIN_I2: sent MI2, expecting MR2
002 "nss-cert" #1: I am sending my cert
002 "nss-cert" #1: I am sending a certificate request
108 "nss-cert" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "nss-cert" #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, \
O=Libreswan, OU=Test Department, CN=notyetvalid.testing.libreswan.org, \
E=testing@libreswan.org' 003 "nss-cert" #1: Certificate \
E=testing@libreswan.org,CN=notyetvalid.testing.libreswan.org,OU=Test \
Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed verification 003 "nss-cert" \
#1: ERROR: Peer's Certificate has expired. 003 "nss-cert" #1: no RSA public key known \
for 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, \
CN=notyetvalid.testing.libreswan.org, E=testing@libreswan.org' 217 "nss-cert" #1: \
STATE_MAIN_I3: INVALID_KEY_INFORMATION 002 "nss-cert" #1: sending encrypted \
notification INVALID_KEY_INFORMATION to 192.1.2.23:500 #\[root@west ]# timedout send \
line: ipsec auto --up nss-cert echo done
I checkd with gdb, and release_whack() is called in ikev1.c in \
complete_v1_state_transition()
if (IS_PHASE1_INIT(st->st_state)) {
delete_event(st);
release_whack(st);
}
And release_whack() itself is pretty simple:
void release_whack(struct state *st)
{
close_any(st->st_whack_sock);
}
with close_any being a macro:
include/constants.h:#define close_any(fd) { if ((fd) != NULL_FD) { close(fd); (fd) = \
NULL_FD; } }
Anyone have any theories as to what could be going on?
Paul
_______________________________________________
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic