From 767802f111887c3d5804f27ddc598f3afce5f6e2 Mon Sep 17 00:00:00 2001
From: XinyuHou
Date: Thu, 29 Jan 2015 15:40:30 +0000
Subject: [PATCH] removed loop accept and connect and added more debug info #4313
---
 src/lib/plugin/ns/SecureSocket.cpp | 49 +++++++++++++++++------------
 src/lib/plugin/ns/SecureSocket.h | 10 +++---
 src/lib/server/ClientListener.cpp | 9 +++++-
 3 files changed, 41 insertions(+), 27 deletions(-)
diff --git a/src/lib/plugin/ns/SecureSocket.cpp b/src/lib/plugin/ns/SecureSocket.cpp
index 217f8d30..97137591 100644
--- a/src/lib/plugin/ns/SecureSocket.cpp
+++ b/src/lib/plugin/ns/SecureSocket.cpp
@@ -59,6 +59,8 @@ SecureSocket::SecureSocket(
 SecureSocket::~SecureSocket()
 {
+ SSL_shutdown(m_ssl->m_ssl);
+
 if (m_ssl->m_ssl != NULL) {
 SSL_free(m_ssl->m_ssl);
 m_ssl->m_ssl = NULL;
@@ -72,6 +74,14 @@ SecureSocket::~SecureSocket()
 delete[] m_error;
 }
+void
+SecureSocket::close()
+{
+ SSL_shutdown(m_ssl->m_ssl);
+
+ TCPSocket::close();
+}
+
 void
 SecureSocket::secureConnect()
 {
@@ -210,14 +220,6 @@ SecureSocket::secureAccept(int socket)
 int r = SSL_accept(m_ssl->m_ssl);
 bool retry = checkResult(r);
- //TODO: don't use this infinite loop
- while (retry) {
- ARCH->sleep(.5f);
- SSL_set_fd(m_ssl->m_ssl, socket);
- r = SSL_accept(m_ssl->m_ssl);
- retry = checkResult(r);
- }
-
 m_secureReady = !retry;
 return retry;
 }
@@ -234,17 +236,12 @@ SecureSocket::secureConnect(int socket)
 int r = SSL_connect(m_ssl->m_ssl);
 bool retry = checkResult(r);
- //TODO: don't use this infinite loop
- while (retry) {
- ARCH->sleep(.5f);
- r = SSL_connect(m_ssl->m_ssl);
- retry = checkResult(r);
+ m_secureReady = !retry;
+
+ if (m_secureReady) {
+ showCertificate();
 }
- m_secureReady= true;
- showCertificate();
-
- m_secureReady = !retry;
 return retry;
 }
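Review bot: In `SecureSocket::~SecureSocket()` the new `SSL_shutdown(m_ssl->m_ssl);` runs before the existing `if (m_ssl->m_ssl != NULL)` guard, so the one case that guard exists for now hands OpenSSL a null handle, which `SSL_shutdown` is not documented to accept. Move the call inside the guard, directly above `SSL_free(m_ssl->m_ssl);`. The new `close()` in the next hunk makes the same unguarded call and needs the same check. The destructor's body starts and ends outside the hunk.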
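Review bot: Once `SecureSocket::close()` has run, the destructor in the previous hunk calls `SSL_shutdown` a second time on an SSL object whose descriptor `TCPSocket::close()` has presumably already released, so the second shutdown may touch a descriptor number the process has since reused for another connection. Record that the shutdown was done, or free and null `m_ssl->m_ssl` in `close()`, so the destructor skips it. The return value is also ignored; since `checkResult` handles WANT_READ, the socket appears to be non-blocking and the close_notify exchange may not have finished. That deserves a comment such as `// best-effort close_notify; we do not wait for the peer's reply`.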
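Review bot: `secureConnect(int socket)` sets `m_secureReady = !retry` and then only calls `showCertificate()`, so nothing in this hunk checks that the peer certificate was verified before the connection is treated as ready. If verification is not enforced elsewhere (for example through the context's verify mode, which is not visible here), a check that `SSL_get_verify_result(m_ssl->m_ssl) == X509_V_OK` belongs before the flag is set. At minimum add a comment stating where trust in the server certificate is established, e.g. `// certificate is only logged here; verification happens in <placeholder: location>`. The function body starts outside the hunk.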
@@ -276,6 +273,12 @@ SecureSocket::checkResult(int n)
 switch (errorCode) {
 case SSL_ERROR_NONE:
+ // the TLS/SSL I/O operation completed
+ break;
+
+ case SSL_ERROR_ZERO_RETURN:
+ // the TLS/SSL connection has been closed
+ LOG((CLOG_DEBUG2 "SSL_ERROR_ZERO_RETURN"));
 break;
 case SSL_ERROR_WANT_READ:
@@ -299,15 +302,18 @@ SecureSocket::checkResult(int n)
 break;
 case SSL_ERROR_SYSCALL:
+ // some I/O error occurred
 throwError("Secure socket syscall error");
 break;
 case SSL_ERROR_SSL:
- throwError("Secure socket error");
+ // a failure in the SSL library occurred
+ LOG((CLOG_DEBUG2 "SSL_ERROR_SSL"));
+ throwError("Secure socket SSL error");
 break;
 default:
 // possible cases:
- // SSL_ERROR_WANT_X509_LOOKUP, SSL_ERROR_ZERO_RETURN
+ // SSL_ERROR_WANT_X509_LOOKUP
 showError();
 }
@@ -326,7 +332,7 @@ void
 SecureSocket::throwError(const char* reason)
 {
 if (getError()) {
- throw XSecureSocket(synergy::string::sprintf(
+ throw XSocket(synergy::string::sprintf(
 "%s: %s", reason, m_error));
 }
 }
@@ -342,7 +348,7 @@ SecureSocket::getError()
 errorUpdated = true;
 }
 else {
- LOG((CLOG_DEBUG "can not detect any error in secure socket"));
+ LOG((CLOG_DEBUG2 "can not detect any error in secure socket"));
 }
 return errorUpdated;
@@ -376,5 +382,6 @@ SecureSocket::serviceAccept(ISocketMultiplexerJob* job,
 #elif SYSAPI_UNIX
 retry = secureAccept(getSocket()->m_fd);
 #endif
+
 return retry ? job : newJob();
 }
diff --git a/src/lib/plugin/ns/SecureSocket.h b/src/lib/plugin/ns/SecureSocket.h
index 42766265..7d09ed21 100644
--- a/src/lib/plugin/ns/SecureSocket.h
+++ b/src/lib/plugin/ns/SecureSocket.h
@@ -18,7 +18,7 @@
 #pragma once
 #include "net/TCPSocket.h"
-#include "base/XBase.h"
+#include "net/XSocket.h"
 class IEventQueue;
 class SocketMultiplexer;
@@ -26,10 +26,6 @@ class ISocketMultiplexerJob;
 struct Ssl;
-//! Generic socket exception
-XBASE_SUBCLASS(XSecureSocket, XBase);
-
-
 //! Secure socket
 /*!
 A secure socket using SSL.
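Review bot: The new `case SSL_ERROR_ZERO_RETURN:` in `checkResult` only logs and breaks, so unless `retry` is set outside the hunk the function presumably returns false, and `secureAccept`/`secureConnect` then set `m_secureReady = !retry`, marking a connection the peer has closed as ready. Treat it as a failure like the syscall case, e.g. `throw XSocket("Secure socket closed by peer");`, or return a distinct status so callers can tell "handshake done" from "connection closed". The switch starts and continues outside the hunk.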
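Review bot: `SecureSocket::throwError` throws only when `getError()` finds something in the OpenSSL error queue, so an `SSL_ERROR_SYSCALL` with an empty queue (the usual shape of an abrupt disconnect) passes through silently and `checkResult` carries on as if the call had completed. Throw unconditionally and append the queue text only when present, e.g. `throw XSocket(getError() ? synergy::string::sprintf("%s: %s", reason, m_error) : reason);`. The guard predates this commit, but it matters more now that the retry loops are gone and a single result decides `m_secureReady`.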
@@ -42,8 +38,12 @@ public:
 ArchSocket socket);
 ~SecureSocket();
+ // ISocket overrides
+ void close();
+
 void secureConnect();
 void secureAccept();
+ bool isReady() const { return m_secureReady; }
 bool isSecureReady();
 bool isSecure() { return true; }
 UInt32 secureRead(void* buffer, UInt32 n);
diff --git a/src/lib/server/ClientListener.cpp b/src/lib/server/ClientListener.cpp
index 601f3c32..81900ae3 100644
--- a/src/lib/server/ClientListener.cpp
+++ b/src/lib/server/ClientListener.cpp
@@ -137,7 +137,8 @@ void
 ClientListener::handleClientConnecting(const Event&, void*)
 {
 // accept client connection
- synergy::IStream* stream = m_listen->accept();
+ IDataSocket* socket = m_listen->accept();
+ synergy::IStream* stream = socket;
 if (stream == NULL) {
 return;
@@ -157,6 +158,12 @@ ClientListener::handleClientConnecting(const Event&, void*)
 assert(m_server != NULL);
+ if (m_useSecureNetwork) {
+ while(!socket->isReady()) {
+ ARCH->sleep(.5f);
+ }
+ }
+
 // create proxy for unknown client
 ClientProxyUnknown* client = new ClientProxyUnknown(stream, 30.0, m_server, m_events);
 m_newClients.insert(client);
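Review bot: `isReady()` in `SecureSocket.h` exposes `m_secureReady`, which `secureAccept`/`secureConnect` write from the multiplexer job while `ClientListener` polls it from its event handler; if those run on different threads (not visible here), a plain member gives no visibility guarantee. State the threading expectation on the accessor, e.g. `// set by the handshake job; polled by the listener`, and guard the flag or make it atomic if two threads are involved. `isReady()` and the existing `isSecureReady()` also read alike, so a one-line comment on each saying how they differ would help. `close()` is labelled an ISocket override but is not declared `virtual` here, which is fine only if the base declaration is.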
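Review bot: The `while(!socket->isReady())` loop added to `ClientListener::handleClientConnecting` has no exit other than the handshake succeeding, so a peer that opens the TCP connection and never completes (or fails) the TLS handshake keeps this event handler sleeping indefinitely and stops the server from servicing anything else. The loop needs a deadline and a failure path; the 30.0-second value already passed to `ClientProxyUnknown` is a natural bound. Longer term the proxy should be created from a "secure ready" event rather than by polling inside the handler. The function starts and ends outside the hunk, so how `stream` must be released on the timeout path is not visible.

```cpp
	if (m_useSecureNetwork) {
		// bound the wait: a peer that has not yet authenticated must not
		// be able to park the listener by stalling the handshake
		const double deadline = ARCH->time() + 30.0;
		while (!socket->isReady()) {
			if (ARCH->time() >= deadline) {
				LOG((CLOG_WARN "secure handshake timed out, dropping client"));
				// release stream/socket here as the code above requires
				return;
			}
			ARCH->sleep(.5f);
		}
	}
	// … unchanged: create proxy for unknown client …
```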