Fix problem with cs_close hang/wait in SSL mode YAZ-652

[yaz-moved-to-github.git] / src / tcpip.c

diff --git a/src/tcpip.c b/src/tcpip.c
index 492cfef..dcfec86 100644 (file)
--- a/src/tcpip.c
+++ b/src/tcpip.c
@@ -1,5 +1,5 @@
 /* This file is part of the YAZ toolkit.
- * Copyright (C) 1995-2012 Index Data
+ * Copyright (C) 1995-2013 Index Data
  * See the file LICENSE for details.
  */
 /**
@@ -338,7 +338,8 @@ static int ssl_check_error(COMSTACK h, tcpip_state *sp, int res)
 
 #if HAVE_GETADDRINFO
 /* resolve using getaddrinfo */
-struct addrinfo *tcpip_getaddrinfo(const char *str, const char *port)
+struct addrinfo *tcpip_getaddrinfo(const char *str, const char *port,
+                                   int *ipv6_only)
 {
     struct addrinfo hints, *res;
     int error;
@@ -366,18 +367,28 @@ struct addrinfo *tcpip_getaddrinfo(const char *str, const char *port)
     if (!strcmp("@", host))
     {
         hints.ai_flags = AI_PASSIVE;
+        hints.ai_family = AF_INET6;
+        error = getaddrinfo(0, port, &hints, &res);
+        *ipv6_only = 0;
+    }
+    else if (!strcmp("@4", host))
+    {
+        hints.ai_flags = AI_PASSIVE;
         hints.ai_family = AF_INET;
         error = getaddrinfo(0, port, &hints, &res);
+        *ipv6_only = -1;
     }
     else if (!strcmp("@6", host))
     {
         hints.ai_flags = AI_PASSIVE;
         hints.ai_family = AF_INET6;
         error = getaddrinfo(0, port, &hints, &res);
+        *ipv6_only = 1;
     }
     else
     {
         error = getaddrinfo(host, port, &hints, &res);
+        *ipv6_only = -1;
     }
     if (error)
         return 0;
@@ -433,6 +444,7 @@ void *tcpip_straddr(COMSTACK h, const char *str)
     tcpip_state *sp = (tcpip_state *)h->cprivate;
     const char *port = "210";
     struct addrinfo *ai = 0;
+    int ipv6_only = 0;
     if (h->protocol == PROTO_HTTP)
     {
         if (h->type == ssl_type)
@@ -445,7 +457,7 @@ void *tcpip_straddr(COMSTACK h, const char *str)
 
     if (sp->ai)
         freeaddrinfo(sp->ai);
-    sp->ai = tcpip_getaddrinfo(str, port);
+    sp->ai = tcpip_getaddrinfo(str, port, &ipv6_only);
     if (sp->ai && h->state == CS_ST_UNBND)
     {
         int s = -1;
@@ -459,7 +471,11 @@ void *tcpip_straddr(COMSTACK h, const char *str)
             return 0;
         assert(ai);
         h->iofile = s;
-
+        if (ipv6_only >= 0 &&
+            setsockopt(h->iofile,
+                       IPPROTO_IPV6,
+                       IPV6_V6ONLY, &ipv6_only, sizeof(ipv6_only)))
+                return 0;
         if (!tcpip_set_blocking(h, h->flags))
             return 0;
     }
@@ -580,21 +596,20 @@ int tcpip_rcvconnect(COMSTACK h)
 #if HAVE_GNUTLS_H
     if (h->type == ssl_type && !sp->session)
     {
-        int res;
         gnutls_global_init();
-
         tcpip_create_cred(h);
-
         gnutls_init(&sp->session, GNUTLS_CLIENT);
         gnutls_set_default_priority(sp->session);
         gnutls_credentials_set (sp->session, GNUTLS_CRD_CERTIFICATE,
                                 sp->cred_ptr->xcred);
-
         /* cast to intermediate size_t to avoid GCC warning. */
         gnutls_transport_set_ptr(sp->session,
                                  (gnutls_transport_ptr_t)
                                  (size_t) h->iofile);
-        res = gnutls_handshake(sp->session);
+    }
+    if (sp->session)
+    {
+        int res = gnutls_handshake(sp->session);
         if (res < 0)
         {
             if (ssl_check_error(h, sp, res))
@@ -1351,7 +1366,7 @@ void tcpip_close(COMSTACK h)
     {
 #if HAVE_GNUTLS_H
         if (sp->session)
-            gnutls_bye(sp->session, GNUTLS_SHUT_RDWR);
+            gnutls_bye(sp->session, GNUTLS_SHUT_WR);
 #elif HAVE_OPENSSL_SSL_H
         if (sp->ssl)
         {