diff --git a/cib/remote.c b/cib/remote.c
index d260e35..6f6ce7b 100644
--- a/cib/remote.c
+++ b/cib/remote.c
@@ -489,7 +489,7 @@ cib_remote_msg(gpointer data)
 do {
 rc = gnutls_handshake(*client->remote->tls_session);
- if (rc < 0 && rc != GNUTLS_E_AGAIN) {
+ if (rc < 0 && rc != GNUTLS_E_AGAIN && rc != GNUTLS_E_INTERRUPTED) {
 crm_err("Remote cib tls handshake failed");
 return -1;
 }
diff --git a/lib/common/remote.c b/lib/common/remote.c
index 8b00f16..69e6252 100644
--- a/lib/common/remote.c
+++ b/lib/common/remote.c
@@ -70,11 +70,16 @@ crm_initiate_client_tls_handshake(crm_remote_t * remote, int timeout_ms)
 pollrc = crm_remote_ready(remote, 1000);
 if (pollrc < 0) {
 /* poll returned error, there is no hope */
+ crm_err("crm_remote_ready failed: %d", rc);
 rc = -1;
 }
- }
+ } else if (rc < 0) {
+ crm_err("Client lrmd tls handshake failed: %d", rc);
+ } else {
+ crm_info("Client lrmd tls handshake completed.");
+ }
- } while (((time(NULL) - start) < (timeout_ms / 1000)) &&
+ } while ((time(NULL) < (start + (timeout_ms / 1000))) &&
 (rc == GNUTLS_E_INTERRUPTED || rc == GNUTLS_E_AGAIN));
 if (rc < 0) {
@@ -518,7 +523,7 @@ crm_remote_ready(crm_remote_t * remote, int timeout /* ms */ )
 struct pollfd fds = { 0, };
 int sock = 0;
 int rc = 0;
- time_t start;
+ time_t start, endtime, now;
 if (remote->tcp_socket) {
 sock = remote->tcp_socket;
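Review bot: The `crm_err("Remote cib tls handshake failed")` call in cib_remote_msg still drops the GnuTLS return code, while the matching message in lrmd/tls_backend.c gains `: %d", rc` in this same commit. On a listener that accepts remote connections, the code is what lets an operator tell a rejected negotiation from a dropped socket. I would log it here too, preferably as text: `crm_err("Remote cib tls handshake failed: %s (%d)", gnutls_strerror(rc), rc);`. The same `gnutls_strerror()` form would suit the new messages in lrmd/tls_backend.c and lib/common/remote.c. The condition that closes this `do` loop lies outside the hunk.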
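Review bot: The added `crm_err("crm_remote_ready failed: %d", rc);` in crm_initiate_client_tls_handshake prints `rc`, not the `pollrc` value that selected this branch. At that point `rc` presumably still holds the GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED result of the handshake call (the enclosing `if` is outside the hunk), so the log would name a retryable TLS code for what is really a poll failure. It should read `crm_err("crm_remote_ready failed: %d", pollrc);`. Since crm_remote_ready returns poll's result, adding `errno` to the message would make it more useful still.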
@@ -538,23 +543,26 @@ crm_remote_ready(crm_remote_t * remote, int timeout /* ms */ )
 }
 start = time(NULL);
+ endtime = start + (timeout/1000);
 errno = 0;
- do {
+ for (;;) {
 fds.fd = sock;
 fds.events = POLLIN;
+ rc = poll(&fds, 1, timeout);
+
 /* If we got an EINTR while polling, and we have a
 * specific timeout we are trying to honor, attempt
 * to adjust the timeout to the closest second. */
- if (errno == EINTR && (timeout > 0)) {
- timeout = timeout - ((time(NULL) - start) * 1000);
+ if (rc < 0 && errno == EINTR && ((now = time(NULL)) < endtime)) {
+ timeout = (endtime - now) * 1000;
 if (timeout < 1000) {
 timeout = 1000;
 }
- }
-
- rc = poll(&fds, 1, timeout);
- } while (rc < 0 && errno == EINTR);
+ } else {
+ break;
+ }
+ }
 return rc;
 }
diff --git a/lib/lrmd/lrmd_client.c b/lib/lrmd/lrmd_client.c
index c2ace14..c1afb0a 100644
--- a/lib/lrmd/lrmd_client.c
+++ b/lib/lrmd/lrmd_client.c
@@ -1015,6 +1015,9 @@ lrmd_tls_key_cb(gnutls_session_t session, char **username, gnutls_datum_t * key)
 int rc = 0;
 const char *specific_location = getenv("PCMK_authkey_location");
+ *username = gnutls_malloc(strlen(DEFAULT_REMOTE_USERNAME) + 1);
+ strcpy(*username, DEFAULT_REMOTE_USERNAME);
+
 if (lrmd_tls_set_key(key, specific_location) == 0) {
 crm_debug("Using custom authkey location %s", specific_location);
 return 0;
@@ -1025,12 +1028,11 @@ lrmd_tls_key_cb(gnutls_session_t session, char **username, gnutls_datum_t * key)
 }
 if (rc) {
 crm_err("No lrmd remote key found");
+ gnutls_free(*username);
+ *username = NULL;
 return -1;
 }
- *username = gnutls_malloc(strlen(DEFAULT_REMOTE_USERNAME) + 1);
- strcpy(*username, DEFAULT_REMOTE_USERNAME);
-
 return rc;
 }
diff --git a/lrmd/tls_backend.c b/lrmd/tls_backend.c
index c6324b7..7607185 100644
--- a/lrmd/tls_backend.c
+++ b/lrmd/tls_backend.c
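Review bot: In crm_remote_ready's new `for (;;)` loop, an EINTR that arrives once `time(NULL)` has reached `endtime` falls into the `else { break; }` arm and returns poll's -1 with errno still EINTR, although the wait has merely expired. The handshake caller in this same file treats `pollrc < 0` as fatal ("there is no hope"), so a signal landing near the one-second mark becomes a failed TLS handshake. The same happens on the first EINTR for any timeout below 1000 ms, or for a negative timeout if any caller passes one, because `endtime` is then not later than `start`. I would map the expired case to a timeout before leaving the loop, `if (rc < 0 && errno == EINTR) { rc = 0; }` ahead of `break;`. The start of the function is outside the hunk.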
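Review bot: The `gnutls_malloc()` result stored in `*username` at the top of lrmd_tls_key_cb is passed straight to `strcpy()`, so an allocation failure in this PSK credential callback becomes a write through NULL rather than a failed handshake. Add `if (*username == NULL) { return -1; }` between the two added lines, or replace the pair with `*username = gnutls_strdup(DEFAULT_REMOTE_USERNAME);` followed by the same check. The lines between this hunk and the next are not visible, so any other error return there should be checked for releasing `*username` the way the `if (rc)` branch now does.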
@@ -64,8 +64,8 @@ lrmd_remote_client_msg(gpointer data)
 do {
 rc = gnutls_handshake(*client->remote->tls_session);
- if (rc < 0 && rc != GNUTLS_E_AGAIN) {
- crm_err("Remote lrmd tls handshake failed");
+ if (rc < 0 && rc != GNUTLS_E_AGAIN && rc != GNUTLS_E_INTERRUPTED) {
+ crm_err("Remote lrmd tls handshake failed: %d", rc);
 return -1;
 }
 } while (rc == GNUTLS_E_INTERRUPTED);