From a6b8ed277b5a86e98507fc2e8c59774c2c8a1985 Mon Sep 17 00:00:00 2001 From: Chuck Lever Date: Tue, 23 Sep 2025 14:16:41 -0400 Subject: [PATCH 1/2] tlshd: Restore the date in tlshd.conf(5) Fixes: b8adcac17d4a ("tlshd: Relocate /etc/tlshd.conf") Signed-off-by: Chuck Lever --- man/man5/tlshd.conf.5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/man5/tlshd.conf.5 b/man/man5/tlshd.conf.5 index 94981b4..796c634 100644 --- a/man/man5/tlshd.conf.5 +++ b/man/man5/tlshd.conf.5 @@ -18,7 +18,7 @@ .\" tlshd.conf(5) .\" .\" Copyright (c) 2022 Oracle and/or its affiliates. -.TH tlshd.conf 5 "$(date +'%B %Y')" +.TH tlshd.conf 5 "23 Sep 2025" .SH NAME tlshd.conf \- tlshd configuration file .SH SYNOPSIS From b52ca7c0a9c167340950a10d8dc56be1b95f5c40 Mon Sep 17 00:00:00 2001 From: Chuck Lever Date: Tue, 23 Sep 2025 19:30:16 -0400 Subject: [PATCH 2/2] tlshd: Clean up logic in tlshd_start_tls_handshake() gnutls_handshake() is supposed to return only a GNUTLS_E value, and the session_status field is supposed to contain only a positive errno. GNUTLS_E_PREMATURE_TERMINATION is -110. It turns out that on x86, -ETIMEDOUT is also -110. Make sure the correct symbolic constants and auditing functions are utilized. Fixes: b010190cfed2 ("tlshd: Pass ETIMEDOUT from gnutls to kernel") Reviewed-by: Benjamin Coddington Signed-off-by: Chuck Lever --- src/tlshd/handshake.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/tlshd/handshake.c b/src/tlshd/handshake.c index 5a28939..f688932 100644 --- a/src/tlshd/handshake.c +++ b/src/tlshd/handshake.c @@ -97,12 +97,12 @@ void tlshd_start_tls_handshake(gnutls_session_t session, case GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR: tlshd_log_cert_verification_error(session); break; - case -ETIMEDOUT: - tlshd_log_gnutls_error(ret); - parms->session_status = -ret; + case GNUTLS_E_PREMATURE_TERMINATION: + tlshd_log_error("Handshake timeout, retrying"); + parms->session_status = ETIMEDOUT; break; default: - tlshd_log_notice("tlshd_start_tls_handshake unhandled error %d, returning EACCES\n", ret); + tlshd_log_gnutls_error(ret); } return; }