Move SSL prepare and accept operations out of deep loop

Since all resources are ready, do not need lookup again. Signed-off-by: Michael Liu <michael.liu.point@gmail.com>
6 years ago · 24e34434a4
parent 7953649b1c
commit 24e34434a4
1 changed files with 29 additions and 35 deletions
--- a/src/net.c
+++ b/src/net.c
@ -199,43 +199,37 @@ int net__socket_accept(struct mosquitto_db *db, mosq_sock_t listensock)
 #ifdef WITH_TLS
 	/* TLS init */
-	for(i=0; i<db->config->listener_count; i++){
+	if(new_context->listener->ssl_ctx){
-		for(j=0; j<db->config->listeners[i].sock_count; j++){
+		new_context->ssl = SSL_new(new_context->listener->ssl_ctx);
-			if(db->config->listeners[i].socks[j] == listensock){
+		if(!new_context->ssl){
-				if(db->config->listeners[i].ssl_ctx){
+			context__cleanup(db, new_context, true);
-					new_context->ssl = SSL_new(db->config->listeners[i].ssl_ctx);
+			return -1;
-					if(!new_context->ssl){
+		}
-						context__cleanup(db, new_context, true);
+		SSL_set_ex_data(new_context->ssl, tls_ex_index_context, new_context);
-						return -1;
+		SSL_set_ex_data(new_context->ssl, tls_ex_index_listener, new_context->listener);
-					}
+		new_context->want_write = true;
-					SSL_set_ex_data(new_context->ssl, tls_ex_index_context, new_context);
+		bio = BIO_new_socket(new_sock, BIO_NOCLOSE);
-					SSL_set_ex_data(new_context->ssl, tls_ex_index_listener, &db->config->listeners[i]);
+		SSL_set_bio(new_context->ssl, bio, bio);
-					new_context->want_write = true;
+		ERR_clear_error();
-					bio = BIO_new_socket(new_sock, BIO_NOCLOSE);
+		rc = SSL_accept(new_context->ssl);
-					SSL_set_bio(new_context->ssl, bio, bio);
+		if(rc != 1){
-					ERR_clear_error();
+			rc = SSL_get_error(new_context->ssl, rc);
-					rc = SSL_accept(new_context->ssl);
+			if(rc == SSL_ERROR_WANT_READ){
-					if(rc != 1){
+				/* We always want to read. */
-						rc = SSL_get_error(new_context->ssl, rc);
+			}else if(rc == SSL_ERROR_WANT_WRITE){
-						if(rc == SSL_ERROR_WANT_READ){
+				new_context->want_write = true;
-							/* We always want to read. */
+			}else{
-						}else if(rc == SSL_ERROR_WANT_WRITE){
+				if(db->config->connection_messages == true){
-							new_context->want_write = true;
+					e = ERR_get_error();
-						}else{
+					while(e){
-							if(db->config->connection_messages == true){
+						log__printf(NULL, MOSQ_LOG_NOTICE,
-								e = ERR_get_error();
+								"Client connection from %s failed: %s.",
-								while(e){
+								new_context->address, ERR_error_string(e, ebuf));
-									log__printf(NULL, MOSQ_LOG_NOTICE,
+						e = ERR_get_error();
 											"Client connection from %s failed: %s.",
 											new_context->address, ERR_error_string(e, ebuf));
 									e = ERR_get_error();
 								}
 							}
 							context__cleanup(db, new_context, true);
 							return -1;
 						}
 					}
 				}
 				context__cleanup(db, new_context, true);
 				return -1;
 			}
 		}
 	}