nntp: call SSL_shutdown in normal cases

[public-inbox.git] / lib / PublicInbox / NNTP.pm

diff --git a/lib/PublicInbox/NNTP.pm b/lib/PublicInbox/NNTP.pm
index 468a22f529673b2aa0043fdb2d9b92237312b272..53de2bca2495c7b49b4369dbc1a94ebae7fa41fc 100644 (file)
--- a/lib/PublicInbox/NNTP.pm
+++ b/lib/PublicInbox/NNTP.pm
@@ -1,4 +1,4 @@
-# Copyright (C) 2015-2018 all contributors <meta@public-inbox.org>
+# Copyright (C) 2015-2019 all contributors <meta@public-inbox.org>
 # License: AGPL-3.0+ <https://www.gnu.org/licenses/agpl-3.0.txt>
 #
 # Each instance of this represents a NNTP client socket
@@ -24,7 +24,7 @@ use constant {
        r225 => '225 Headers follow (multi-line)',
        r430 => '430 No article with that message-id',
 };
-use PublicInbox::Syscall qw(EPOLLIN EPOLLONESHOT);
+use PublicInbox::Syscall qw(EPOLLOUT EPOLLONESHOT);
 use Errno qw(EAGAIN);
 
 my @OVERVIEW = qw(Subject From Date Message-ID References Xref);
@@ -74,11 +74,17 @@ sub expire_old () {
        my $exp = $EXPTIME;
        my $old = $now - $exp;
        my $nr = 0;
+       my $closed = 0;
        my %new;
        while (my ($fd, $v) = each %$EXPMAP) {
                my ($idle_time, $nntp) = @$v;
                if ($idle_time < $old) {
-                       $nntp->close; # idempotent
+                       if ($nntp->shutdn) {
+                               $closed++;
+                       } else {
+                               ++$nr;
+                               $new{$fd} = $v;
+                       }
                } else {
                        ++$nr;
                        $new{$fd} = $v;
@@ -91,16 +97,26 @@ sub expire_old () {
                $expt = undef;
                # noop to kick outselves out of the loop ASAP so descriptors
                # really get closed
-               PublicInbox::EvCleanup::asap(sub {});
+               PublicInbox::EvCleanup::asap(sub {}) if $closed;
        }
 }
 
 sub new ($$$) {
        my ($class, $sock, $nntpd) = @_;
        my $self = fields::new($class);
-       $self->SUPER::new($sock, EPOLLIN | EPOLLONESHOT);
+       my $ev = EPOLLOUT | EPOLLONESHOT;
+       my $wbuf = [];
+       if (ref($sock) eq 'IO::Socket::SSL' && !$sock->accept_SSL) {
+               $ev = PublicInbox::TLS::epollbit() or return CORE::close($sock);
+               $ev |= EPOLLONESHOT;
+               $wbuf->[0] = \&PublicInbox::DS::accept_tls_step;
+       }
+       $self->SUPER::new($sock, $ev);
        $self->{nntpd} = $nntpd;
-       res($self, '201 ' . $nntpd->{servername} . ' ready - post via email');
+       my $greet = "201 $nntpd->{servername} ready - post via email\r\n";
+       open my $fh, '<:scalar',  \$greet or die "open :scalar: $!";
+       push @$wbuf, $fh;
+       $self->{wbuf} = $wbuf;
        $self->{rbuf} = '';
        update_idle_time($self);
        $expt ||= PublicInbox::EvCleanup::later(*expire_old);
@@ -400,7 +416,7 @@ sub cmd_post ($) {
 sub cmd_quit ($) {
        my ($self) = @_;
        res($self, '205 closing connection - goodbye!');
-       $self->close;
+       $self->shutdn;
        undef;
 }
 
@@ -898,6 +914,19 @@ sub cmd_xover ($;$) {
        });
 }
 
+sub cmd_starttls ($) {
+       my ($self) = @_;
+       my $sock = $self->{sock} or return;
+       # RFC 4642 2.2.1
+       (ref($sock) eq 'IO::Socket::SSL') and return '502 Command unavailable';
+       my $opt = $self->{nntpd}->{accept_tls} or
+               return '580 can not initiate TLS negotiation';
+       res($self, '382 Continue with TLS negotiation');
+       $self->{sock} = IO::Socket::SSL->start_SSL($sock, %$opt);
+       requeue($self) if PublicInbox::DS::accept_tls_step($self);
+       undef;
+}
+
 sub cmd_xpath ($$) {
        my ($self, $mid) = @_;
        return r501 unless $mid =~ /\A<(.+)>\z/;