[systemd-devel] SSL_connect fails on systemd socket

Tiwari, Hari Sahaya hari-sahaya.tiwari at hpe.com
Wed Jan 29 13:14:13 UTC 2020


Thanks for the response.

Yes, the server program need not bind and listen because the systemd socket will do that.

On the “Accept=True” parameter, the requirement here is that systemd should accept the connection and hand it over to the server.

My query was about what happens after the connection is accepted by systemd.
Once the regular connection is accepted, the client does SSL_connect over the same fd to establish the SSL connection.
Will this SSL connect request also be handled by systemd?

Regards,
Hari.


From: Mantas Mikulėnas [mailto:grawity at gmail.com]
Sent: Tuesday, January 28, 2020 8:02 PM
To: Tiwari, Hari Sahaya <hari-sahaya.tiwari at hpe.com>
Cc: systemd-devel at lists.freedesktop.org
Subject: Re: [systemd-devel] SSL_connect fails on systemd socket

On Tue, Jan 28, 2020 at 4:23 PM Tiwari, Hari Sahaya <hari-sahaya.tiwari at hpe.com> wrote:
Hi,

I am trying to implement a client server program over SSL through systemd.
Here I have a TCP systemd socket (listening on a predefined port) and its associated service.

systemd socket file:-
# cat /usr/lib/systemd/system/test_ssl.socket
[Unit]
Description=Test socket

[Socket]
ListenStream=2000
Accept=true
MaxConnections=900

[Install]
WantedBy=sockets.target

systemd service file:-
# cat /usr/lib/systemd/system/test_ssl@.service
[Unit]
Description= Test Service
Requires=test_ssl.socket

[Service]
ExecStart=/home/SSL/server
StandardInput=socket
KillMode=process

[Install]
WantedBy=multi-user.target

The service file invokes the binary /home/SSL/server.

Here it is a very simple client server program, where

1.       Server binds and listens on a port number.
You need to remove this part if you want to use socket activation. The whole point of .socket units here is that systemd binds to the socket and passes the fd over to your service. If your service ignores the received fd and tries to create its own socket, it will never be able to receive the connections.

By default, the service would receive the sockets as fd#3 and above (see https://www.freedesktop.org/software/systemd/man/sd_listen_fds.html for documentation), but because you use StandardInput=socket, it will receive the socket as fd#1.

2.       Client first connects to server with normal connect (server will do accept)
Your .socket specifies Accept=true, so you should remove this part as well: the option means that systemd itself will accept the connection and only hand your server the accepted socket.



--
Mantas Mikulėnas
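
Added example, not code from this thread: with Accept=true the server drops bind/listen/accept and works on the inherited, already-accepted socket. systemd hands over only that TCP connection, so the TLS handshake is run by the server on this fd. The helper names (is_accepted_stream, pick_conn_fd, inherited_conn_fd) are hypothetical, and the OpenSSL calls appear only in a comment.

```c
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

#define FIRST_PASSED_FD 3   /* sd_listen_fds(3): passed fds start at 3 */

/* 1 if fd is a stream socket that is already connected (not listening).
 * getsockopt() fails on anything that is not a socket, so a pipe or
 * /dev/null on stdin is rejected here as well. */
static int is_accepted_stream(int fd)
{
    int val = 0;
    socklen_t len = sizeof(val);

    if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &val, &len) < 0 || val != SOCK_STREAM)
        return 0;
    len = sizeof(val);
    if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &val, &len) < 0 || val)
        return 0;   /* a listening socket means Accept=true is not in effect */
    return 1;
}

/* Hypothetical helper: choose the connection fd from parsed LISTEN_PID and
 * LISTEN_FDS values. Returns the fd, or -1 if nothing usable was inherited. */
int pick_conn_fd(long listen_pid, int listen_fds)
{
    /* Default passing: LISTEN_PID must name this process. */
    if (listen_pid == (long)getpid() && listen_fds >= 1 &&
        is_accepted_stream(FIRST_PASSED_FD))
        return FIRST_PASSED_FD;
    /* StandardInput=socket: the connection is the process's stdin. */
    if (is_accepted_stream(STDIN_FILENO))
        return STDIN_FILENO;
    return -1;
}

int inherited_conn_fd(void)
{
    const char *pid = getenv("LISTEN_PID"), *n = getenv("LISTEN_FDS");
    return pick_conn_fd(pid ? atol(pid) : -1, n ? atoi(n) : 0);
}

int main(void)
{
    int fd = inherited_conn_fd();
    if (fd < 0)
        return 1;   /* not started by the socket unit */
    /* No bind/listen/accept. With OpenSSL: SSL_set_fd(ssl, fd); SSL_accept(ssl); */
    return 0;
}
```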