- Apply patch to fix timed out SSL connections from spinning CPU

Tested by: bdrewery Submitted by: kajetan.staszkiewicz@innogames.de Submitted by: ohauer PR: 176438 Approved by: maintainer timeout
svn path=/head/; revision=369416
2014-09-27 19:36:35 +00:00 · 2014-09-27 19:36:35 +00:00 · 2f7367e2fa · 2021-03-31 03:12:20 +00:00
commit 2f7367e2fa
parent 6873226fb0
2 changed files with 46 additions and 6 deletions
--- a/net-mgmt/nrpe/Makefile
+++ b/net-mgmt/nrpe/Makefile
@ -3,7 +3,7 @@

 PORTNAME=	nrpe
 DISTVERSION=	2.15
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES=	net-mgmt
 MASTER_SITES=	SF/nagios/${PORTNAME}-2.x/${PORTNAME}-${PORTVERSION}

--- a/net-mgmt/nrpe/files/patch-src-nrpe.c
+++ b/net-mgmt/nrpe/files/patch-src-nrpe.c
@ -1,6 +1,15 @@
--- src/nrpe.c.orig	2013-07-10 21:18:24.000000000 +0000
-+++ src/nrpe.c	2013-07-10 21:20:25.000000000 +0000
-@@ -89,7 +89,9 @@
+--- ./src/nrpe.c.orig	2013-09-06 17:27:13.000000000 +0200
+++ ./src/nrpe.c	2013-10-05 17:15:33.000000000 +0200
+@@ -30,6 +30,8 @@
+ #include "utils.h"
+ #include "acl.h"
+ 
+#include <poll.h>
+
+ #ifdef HAVE_SSL
+ #include "../include/dh.h"
+ #endif
+@@ -100,7 +102,9 @@
 int     use_src=FALSE; /* Define parameter for SRC option */
 
 
@ -10,7 +19,38 @@
 
 
 int main(int argc, char **argv){
-@@ -1673,6 +1675,7 @@
+@@ -969,8 +973,14 @@
+ 					continue;
+ 
+ 				/* socket is nonblocking and we don't have a connection yet */
+-				if(errno==EAGAIN)
+				if(errno==EAGAIN) {
+					struct pollfd pfd;
+
+					pfd.fd = sock;
+					pfd.events = POLLIN;
+					poll(&pfd,1,-1);
+ 					continue;
+					}
+ 
+ 				/* fix for HP-UX 11.0 - just retry */
+ 				if(errno==ENOBUFS)
+@@ -1207,9 +1217,13 @@
+ 	if(result==STATE_OK && use_ssl==TRUE){
+ 		if((ssl=SSL_new(ctx))!=NULL){
+ 			SSL_set_fd(ssl,sock);
+			int n = 0;
+ 
+ 			/* keep attempting the request if needed */
+-                        while(((rc=SSL_accept(ssl))!=1) && (SSL_get_error(ssl,rc)==SSL_ERROR_WANT_READ));
+                        while( ((rc=SSL_accept(ssl))!=1) && (SSL_get_error(ssl,rc)==SSL_ERROR_WANT_READ) && n <= 600){
+				usleep(100000);
+				n++;
+			}
+ 
+ 			if(rc!=1){
+ 				syslog(LOG_ERR,"Error: Could not complete SSL handshake. %d\n",SSL_get_error(ssl,rc));
+@@ -1796,6 +1810,7 @@
 	return OK;
         }
 
@ -18,7 +58,7 @@
 void complete_SSL_shutdown( SSL *ssl) {
 
 	/*  
-@@ -1693,6 +1696,7 @@
+@@ -1816,6 +1831,7 @@
 		if( SSL_shutdown( ssl)) break;
 	}
 }