commit 8dd6bc7ac418a6223dc43e794af30dc6762b7bbb
author Jaeden Amero <jaeden.amero@arm.com> Tue Sep 03 16:41:51 2019 +0100
committer Jaeden Amero <jaeden.amero@arm.com> Tue Sep 03 16:41:51 2019 +0100
tree 49848c5a8cf1be80e285b2b84e92534c94ccc1f3
parent 3f0fc38735046b056730adae3068f6255b952cff
parent 52bc1947ffd76a4c937f597c63f5eb4b00e13e69

Merge remote-tracking branch 'origin/pr/2803' into development

* origin/pr/2803:
  Add a ChangeLog entry for mbedtls_net_close()
  Added mbedtls_net_close and use it in ssl_fork_server to correctly disassociate the client socket from the parent process and the server socket from the child process.

ChangeLog

diff --git a/ChangeLog b/ChangeLog
index d5aa838..0eb76c8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -18,6 +18,10 @@
      verified and significantly faster, but is only supported on x86 platforms
      (32-bit and 64-bit) using GCC, Clang or Visual Studio. Contributed by
      Christoph Wintersteiger from Microsoft Research.
+   * Add mbedtls_net_close(), enabling the building of forking servers where
+     the parent process closes the client socket and continue accepting, and
+     the child process closes the listening socket and handles the client
+     socket. Contributed by Robert Larsen in #2803.
 
 API Changes
    * Add DER-encoded test CRTs to library/certs.c, allowing

include/mbedtls/net_sockets.h

diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h
index df42b45..adb589e 100644
--- a/include/mbedtls/net_sockets.h
+++ b/include/mbedtls/net_sockets.h
@@ -258,6 +258,13 @@
                       uint32_t timeout );
 
 /**
+ * \brief          Closes down the connection and free associated data
+ *
+ * \param ctx      The context to close
+ */
+void mbedtls_net_close( mbedtls_net_context *ctx );
+
+/**
  * \brief          Gracefully shutdown the connection and free associated data
  *
  * \param ctx      The context to free

library/net_sockets.c

diff --git a/library/net_sockets.c b/library/net_sockets.c
index 5d538bf..c7b358d 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -652,6 +652,19 @@
 }
 
 /*
+ * Close the connection
+ */
+void mbedtls_net_close( mbedtls_net_context *ctx )
+{
+    if( ctx->fd == -1 )
+        return;
+
+    close( ctx->fd );
+
+    ctx->fd = -1;
+}
+
+/*
  * Gracefully close the connection
  */
 void mbedtls_net_free( mbedtls_net_context *ctx )

programs/ssl/ssl_fork_server.c

diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 80407e4..851bc05 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -254,6 +254,7 @@
         if( pid != 0 )
         {
             mbedtls_printf( " ok\n" );
+            mbedtls_net_close( &client_fd );
 
             if( ( ret = mbedtls_ctr_drbg_reseed( &ctr_drbg,
                                          (const unsigned char *) "parent",
@@ -266,7 +267,7 @@
             continue;
         }
 
-        mbedtls_net_init( &listen_fd );
+        mbedtls_net_close( &listen_fd );
 
         pid = getpid();