[systemd-devel] SSL_connect fails on systemd socket

Mantas Mikulėnas grawity at gmail.com
Tue Jan 28 14:31:55 UTC 2020


On Tue, Jan 28, 2020 at 4:23 PM Tiwari, Hari Sahaya <
hari-sahaya.tiwari at hpe.com> wrote:

> Hi,
>
>
>
> I am trying to implement a client server program over SSL through systemd.
>
> Here I have a TCP systemd socket (listening on a predefined port) and its
> associated service.
>
>
>
> systemd socket file:-
>
> # cat /usr/lib/systemd/system/test_ssl.socket
>
> [Unit]
>
> Description=Test socket
>
>
>
> [Socket]
>
> ListenStream=2000
>
> Accept=true
>
> MaxConnections=900
>
>
>
> [Install]
>
> WantedBy=sockets.target
>
>
>
> systemd service file:-
>
> # cat /usr/lib/systemd/system/test_ssl at .service
>
> [Unit]
>
> Description= Test Service
>
> Requires=test_ssl.socket
>
>
>
> [Service]
>
> ExecStart=/home/SSL/server
>
> StandardInput=socket
>
> KillMode=process
>
>
>
> [Install]
>
> WantedBy=multi-user.target
>
>
>
> The service file invoke the binary /home/SSL/server.
>
>
>
> Here is it a very simple client server program, where
>
> 1.       Server binds and listens on a port number.
>
You need to remove this part if you want to use socket activation. The
whole point of .socket units here is that systemd binds to the socket and
passes the fd over to your service. If your service ignores the received fd
and tries to create its own socket, it will never be able to receive the
connections.

By default, the service would receive the sockets as fd#3 and ahove (see
https://www.freedesktop.org/software/systemd/man/sd_listen_fds.html for
documentation), but because you use StandardInput=socket, it will receive
the socket as fd#1.

> 2.       Client first connects to server with normal connect (server will
> do accept)
>
Your .socket specifies Accept=true, so you should remove this part as well:
the option means that systemd itself will accept the connection and only
hand your server the accepted socket.



-- 
Mantas Mikulėnas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20200128/281ce096/attachment.htm>


More information about the systemd-devel mailing list