0.1.0 released.

.gitignore

@@ -41,3 +41,4 @@ lib/libsntl.pc
 examples/sntlc
 examples/sntld
 examples/gentest
+debian/tmp

configure.ac

@@ -1,6 +1,6 @@
 dnl Process this file with autoconf to produce a configure script.
 
-AC_INIT(libsntl, 0.1)
+AC_INIT(libsntl, 0.1.0)
 
 #LDFLAGS="$LDFLAGS -L/mingw/lib -L/local/lib"
 

debian/README.Debian

@@ -0,0 +1,6 @@
+libsntl for Debian
+-------------------
+
+<possible notes regarding this package - if none, delete this file>
+
+ -- Alexander Vdolainen <vdo@daze>  Mon, 24 Nov 2014 11:52:48 +0200

debian/README.source

@@ -0,0 +1,9 @@
+libsntl for Debian
+-------------------
+
+<this file describes information about the source package, see Debian policy
+manual section 4.14. You WILL either need to modify or delete this file>
+
+
+
+

debian/changelog

@@ -0,0 +1,5 @@
+libsntl (0.1.0) stable; urgency=low
+
+  * Initial release (Closes: #nnnn)  <nnnn is the bug number of your ITP>
+
+ -- Alexander Vdolainen <vdo@daze>  Mon, 24 Nov 2014 11:52:48 +0200

debian/compat

@@ -0,0 +1 @@
+8

debian/control

@@ -0,0 +1,23 @@
+Source: libsntl
+Priority: extra
+Maintainer: Alexander Vdolainen <vdo@askele.com>
+Build-Depends: debhelper (>= 8.0.0), autotools-dev, libssl-dev, libsexpr-dev, libtdata-dev, uuid-dev
+Standards-Version: 3.9.3
+Section: libs
+Homepage: http://askele.com/software
+#Vcs-Git: git://git.debian.org/collab-maint/libsntl.git
+#Vcs-Browser: http://git.debian.org/?p=collab-maint/libsntl.git;a=summary
+
+Package: libsntl-dev
+Section: libdevel
+Architecture: any
+Depends: libsntl (= ${binary:Version}), libsexpr-dev, libssl1.0.0-dev, libtdata-dev, uuid-dev
+Description: Development files for libsntl
+ Development files for sntl library
+
+Package: libsntl
+Section: libs
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, libsexpr, libssl1.0.0, libtdata, libuuid1
+Description: Secure Networking Transport Layer implementation library
+ Library used to develop secure services

debian/copyright

@@ -0,0 +1,38 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: libsntl
+Source: <url://example.com>
+
+Files: *
+Copyright: <years> <put author's name and email here>
+           <years> <likewise for another author>
+License: <special license>
+ <Put the license of the package here indented by 1 space>
+ <This follows the format of Description: lines in control file>
+ .
+ <Including paragraphs>
+
+# If you want to use GPL v2 or later for the /debian/* files use 
+# the following clauses, or change it to suit. Delete these two lines
+Files: debian/*
+Copyright: 2014 Alexander Vdolainen <vdo@daze>
+License: GPL-2+
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".
+
+# Please also look if there are files or directories which have a
+# different copyright/license attached and list them here.
+# Please avoid to pick license terms that are more restrictive than the
+# packaged work, as it may make Debian's contributions unacceptable upstream.

debian/docs

@@ -0,0 +1,2 @@
+NEWS
+README

debian/emacsen-install.ex

@@ -0,0 +1,47 @@
+#! /bin/sh -e
+# /usr/lib/emacsen-common/packages/install/libsntl
+
+# Written by Jim Van Zandt <jrv@debian.org>, borrowing heavily
+# from the install scripts for gettext by Santiago Vila
+# <sanvila@ctv.es> and octave by Dirk Eddelbuettel <edd@debian.org>.
+
+FLAVOR=$1
+PACKAGE=libsntl
+
+if [ ${FLAVOR} = emacs ]; then exit 0; fi
+
+echo install/${PACKAGE}: Handling install for emacsen flavor ${FLAVOR}
+
+#FLAVORTEST=`echo $FLAVOR | cut -c-6`
+#if [ ${FLAVORTEST} = xemacs ] ; then
+#    SITEFLAG="-no-site-file"
+#else
+#    SITEFLAG="--no-site-file"
+#fi
+FLAGS="${SITEFLAG} -q -batch -l path.el -f batch-byte-compile"
+
+ELDIR=/usr/share/emacs/site-lisp/${PACKAGE}
+ELCDIR=/usr/share/${FLAVOR}/site-lisp/${PACKAGE}
+ELRELDIR=../../../emacs/site-lisp/${PACKAGE}
+
+# Install-info-altdir does not actually exist.
+# Maybe somebody will write it.
+if test -x /usr/sbin/install-info-altdir; then
+    echo install/${PACKAGE}: install Info links for ${FLAVOR}
+    install-info-altdir --quiet --section "" "" --dirname=${FLAVOR} /usr/share/info/${PACKAGE}.info.gz
+fi
+
+install -m 755 -d ${ELCDIR}
+cd ${ELDIR}
+FILES=`echo *.el`
+cd ${ELCDIR}
+ln -sf ${ELRELDIR}/*.el .
+
+cat << EOF > path.el
+(debian-pkg-add-load-path-item ".")
+(setq byte-compile-warnings nil)
+EOF
+${FLAVOR} ${FLAGS} ${FILES}
+rm -f path.el
+
+exit 0

debian/emacsen-remove.ex

@@ -0,0 +1,15 @@
+#!/bin/sh -e
+# /usr/lib/emacsen-common/packages/remove/libsntl
+
+FLAVOR=$1
+PACKAGE=libsntl
+
+if [ ${FLAVOR} != emacs ]; then
+    if test -x /usr/sbin/install-info-altdir; then
+        echo remove/${PACKAGE}: removing Info links for ${FLAVOR}
+        install-info-altdir --quiet --remove --dirname=${FLAVOR} /usr/share/info/libsntl.info.gz
+    fi
+
+    echo remove/${PACKAGE}: purging byte-compiled files for ${FLAVOR}
+    rm -rf /usr/share/${FLAVOR}/site-lisp/${PACKAGE}
+fi

debian/emacsen-startup.ex

@@ -0,0 +1,27 @@
+;; -*-emacs-lisp-*-
+;;
+;; Emacs startup file, e.g.  /etc/emacs/site-start.d/50libsntl.el
+;; for the Debian libsntl package
+;;
+;; Originally contributed by Nils Naumann <naumann@unileoben.ac.at>
+;; Modified by Dirk Eddelbuettel <edd@debian.org>
+;; Adapted for dh-make by Jim Van Zandt <jrv@debian.org>
+
+;; The libsntl package follows the Debian/GNU Linux 'emacsen' policy and
+;; byte-compiles its elisp files for each 'emacs flavor' (emacs19,
+;; xemacs19, emacs20, xemacs20...).  The compiled code is then
+;; installed in a subdirectory of the respective site-lisp directory.
+;; We have to add this to the load-path:
+(let ((package-dir (concat "/usr/share/"
+                           (symbol-name debian-emacs-flavor)
+                           "/site-lisp/libsntl")))
+;; If package-dir does not exist, the libsntl package must have
+;; removed but not purged, and we should skip the setup.
+  (when (file-directory-p package-dir)
+    (if (fboundp 'debian-pkg-add-load-path-item)
+        (debian-pkg-add-load-path-item package-dir)
+      (setq load-path (cons package-dir load-path)))
+    (autoload 'libsntl-mode "libsntl-mode"
+      "Major mode for editing libsntl files." t)
+    (add-to-list 'auto-mode-alist '("\\.libsntl$" . libsntl-mode))))
+

debian/files

@@ -0,0 +1,2 @@
+libsntl-dev_0.1.0_amd64.deb libdevel extra
+libsntl_0.1.0_amd64.deb libs extra

debian/init.d.ex

@@ -0,0 +1,154 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          libsntl
+# Required-Start:    $network $local_fs
+# Required-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: <Enter a short description of the software>
+# Description:       <Enter a long description of the software>
+#                    <...>
+#                    <...>
+### END INIT INFO
+
+# Author: Alexander Vdolainen <vdo@daze>
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC=libsntl             # Introduce a short description here
+NAME=libsntl             # Introduce the short server's name here
+DAEMON=/usr/sbin/libsntl # Introduce the server's location here
+DAEMON_ARGS=""             # Arguments to run the daemon with
+PIDFILE=/var/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Exit if the package is not installed
+[ -x $DAEMON ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+	# Return
+	#   0 if daemon has been started
+	#   1 if daemon was already running
+	#   2 if daemon could not be started
+	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+		|| return 1
+	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
+		$DAEMON_ARGS \
+		|| return 2
+	# Add code here, if necessary, that waits for the process to be ready
+	# to handle requests from services started subsequently which depend
+	# on this one.  As a last resort, sleep for some time.
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+	# Return
+	#   0 if daemon has been stopped
+	#   1 if daemon was already stopped
+	#   2 if daemon could not be stopped
+	#   other if a failure occurred
+	start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+	RETVAL="$?"
+	[ "$RETVAL" = 2 ] && return 2
+	# Wait for children to finish too if this is a daemon that forks
+	# and if the daemon is only ever run from this initscript.
+	# If the above conditions are not satisfied then add some other code
+	# that waits for the process to drop all resources that could be
+	# needed by services started subsequently.  A last resort is to
+	# sleep for some time.
+	start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
+	[ "$?" = 2 ] && return 2
+	# Many daemons don't delete their pidfiles when they exit.
+	rm -f $PIDFILE
+	return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+	#
+	# If the daemon can reload its configuration without
+	# restarting (for example, when it is sent a SIGHUP),
+	# then implement that here.
+	#
+	start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
+	return 0
+}
+
+case "$1" in
+  start)
+    [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME"
+    do_start
+    case "$?" in
+		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+	esac
+  ;;
+  stop)
+	[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+	do_stop
+	case "$?" in
+		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+	esac
+	;;
+  status)
+       status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+       ;;
+  #reload|force-reload)
+	#
+	# If do_reload() is not implemented then leave this commented out
+	# and leave 'force-reload' as an alias for 'restart'.
+	#
+	#log_daemon_msg "Reloading $DESC" "$NAME"
+	#do_reload
+	#log_end_msg $?
+	#;;
+  restart|force-reload)
+	#
+	# If the "reload" option is implemented then remove the
+	# 'force-reload' alias
+	#
+	log_daemon_msg "Restarting $DESC" "$NAME"
+	do_stop
+	case "$?" in
+	  0|1)
+		do_start
+		case "$?" in
+			0) log_end_msg 0 ;;
+			1) log_end_msg 1 ;; # Old process is still running
+			*) log_end_msg 1 ;; # Failed to start
+		esac
+		;;
+	  *)
+	  	# Failed to stop
+		log_end_msg 1
+		;;
+	esac
+	;;
+  *)
+	#echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
+	echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+	exit 3
+	;;
+esac
+
+:

debian/libsntl-dev.debhelper.log

@@ -0,0 +1,50 @@
+dh_autotools-dev_updateconfig
+dh_auto_configure
+dh_auto_build
+dh_auto_test
+dh_prep
+dh_installdirs
+dh_auto_install
+dh_install
+dh_installdocs
+dh_installchangelogs
+dh_installexamples
+dh_installman
+dh_installcatalogs
+dh_installcron
+dh_installdebconf
+dh_installemacsen
+dh_installifupdown
+dh_installinfo
+dh_pysupport
+dh_installinit
+dh_installmenu
+dh_installmime
+dh_installmodules
+dh_installlogcheck
+dh_installlogrotate
+dh_installpam
+dh_installppp
+dh_installudev
+dh_installwm
+dh_installxfonts
+dh_installgsettings
+dh_bugfiles
+dh_ucf
+dh_lintian
+dh_gconf
+dh_icons
+dh_perl
+dh_usrlocal
+dh_link
+dh_compress
+dh_fixperms
+dh_strip
+dh_makeshlibs
+dh_shlibdeps
+dh_installdeb
+dh_gencontrol
+dh_md5sums
+dh_builddeb
+dh_builddeb
+dh_builddeb

debian/libsntl-dev.dirs

@@ -0,0 +1,2 @@
+usr/lib
+usr/include

debian/libsntl-dev.install

@@ -0,0 +1,4 @@
+usr/include/*
+usr/lib/lib*.a
+usr/lib/lib*.so
+usr/lib/pkgconfig/*

debian/libsntl-dev.substvars

@@ -0,0 +1 @@
+misc:Depends=

debian/libsntl-dev/DEBIAN/control

@@ -0,0 +1,12 @@
+Package: libsntl-dev
+Source: libsntl
+Version: 0.1.0
+Architecture: amd64
+Maintainer: Alexander Vdolainen <vdo@askele.com>
+Installed-Size: 94
+Depends: libsntl (= 0.1.0), libsexpr-dev, libssl1.0.0-dev, libtdata-dev, uuid-dev
+Section: libdevel
+Priority: extra
+Homepage: http://askele.com/software
+Description: Development files for libsntl
+ Development files for sntl library

debian/libsntl-dev/DEBIAN/md5sums

@@ -0,0 +1,9 @@
+a308bdc1ae862fbc6d6a17ed75e33bfa  usr/include/sntl/connection.h
+57ab61abf79d35bcc7cf5f186b55cf76  usr/include/sntl/pth_queue.h
+29d522606ca36fcb6113762477f32ea5  usr/lib/libsntl.a
+e6cfd12c5a6771aac0251ba14bdc5a6c  usr/lib/pkgconfig/libsntl.pc
+71871531899aaf89ff3e0c7d659ff820  usr/share/doc/libsntl-dev/NEWS.gz
+f93d2d6c0d313ad0266f6f88cf4d3d2a  usr/share/doc/libsntl-dev/README
+c3f0efcfa0458a2eaab242c388b28bda  usr/share/doc/libsntl-dev/README.Debian
+87736146030b265e3f3c8b577726c44b  usr/share/doc/libsntl-dev/changelog.gz
+7f3520d22e4f7e2bbbb8bf0b1b104a9e  usr/share/doc/libsntl-dev/copyright

debian/libsntl-dev/usr/include/sntl/connection.h

@@ -0,0 +1,320 @@
+/*
+ * File:   connection.h
+ * Author: vdo
+ *
+ * Created on September 24, 2014, 2:36 AM
+ */
+
+#ifndef __ESXC_CONNECTION_H_
+#define	__ESXC_CONNECTION_H_
+
+#include <stdint.h>
+#include <time.h>
+#include <sys/types.h>
+#include <pthread.h>
+
+#include <openssl/ssl.h>
+
+#include <tdata/usrtc.h>
+#include <tdata/idx_allocator.h>
+#include <sexpr/sexp.h>
+#include <sexpr/faststack.h>
+
+#include <sntl/pth_queue.h>
+
+/* error codes */
+#define ESXOREPLYREQ   44  /* protocol require reply with expression,
+                            * or expression return for the request */
+#define ESXOTIMEDOUT   45  /* timedout */
+#define ESXRCBADPROT   46  /* invalid protocol */
+#define ESXNOCONNECT   47  /* connection is lost */
+#define ESXNOCHANSUP   48
+#define ESXRAPIDREPLY  49
+
+/* sexp helpers */
+#define SEXP_IS_LIST(sx) \
+        ((sx)->ty == SEXP_LIST) ? 1 : 0
+
+#define SEXP_IS_TYPE(sx,type) \
+        ((sx)->ty == SEXP_VALUE && (sx)->aty == (type)) ? 1 : 0
+
+#define SEXP_ITERATE_LIST(lst, iter, ind) \
+        for((ind) = 0, (iter) = (lst)->list; (ind) < sexp_list_length(lst); \
+            (ind)++, (iter) = (iter)->next)
+#ifdef __cplusplus
+extern "C" {
+#endif
+int sexp_list_cdr(sexp_t *expr, sexp_t **sx);
+int sexp_list_car(sexp_t *expr, sexp_t **sx);
+#ifdef __cplusplus
+}
+#endif
+
+#define VERIFY_DEPTH  1  /* FIXME: */
+
+#define MAX_CONNECTIONS  32768
+#define MAX_CHANNELS     4096
+#define MAX_RPC_LIST     2048
+#define MAX_MULTI        12
+#define MAX_PENDINGMSG   16384
+#define MAX_MSGINDEX     ((MAX_PENDINGMSG) * (MAX_MULTI))
+
+typedef struct __perm_context_type {
+  char *login;
+  char *passwd;
+  ulong_t certid;
+  ulong_t uid;
+  ulong_t gid;
+  ulong_t *gids;
+  int n_gids;
+  int p_attr;
+  struct in_addr *addr;
+  void *priv;
+} perm_ctx_t;
+
+#define CXCONN_MASTER  (1 << 1)
+#define CXCONN_SLAVE   (1 << 2)
+#define CXCONN_ESTABL  (1 << 3)
+#define CXCONN_BROKEN  (1 << 4)
+
+/*
+ * älä jätä kommentteja omalla kielellä! yksinkertaisia englanti sijaan!
+ * i found somebody who write comments and messages in non-english,
+ * itäs a fucking practice - forget it.
+ */
+typedef struct __connection_t {
+  char *uuid; /** < uuid of the connection */
+  idx_allocator_t *idx_ch; /** < index allocation for channels */
+  usrtc_t *chnl_tree; /** < search tree of all channels */
+  usrtc_t *rpc_list; /** < search tree of possible RPC typed lists */
+  SSL_CTX *ctx; /** < SSL context */
+  SSL *ssl; /** < SSL connection */
+  int ssl_data_index; /** < SSL index for the custom data */
+  perm_ctx_t *pctx; /** < higher layer authentification context */
+  pthread_t cthread; /** < thread for listening the connection socket */
+  pthread_t rmsgthread; /** < thread for message queue (1) */
+  pthread_t msgthread; /** < thread for message queue (2) */
+  pth_queue_t *mqueue; /** < message queue (2) */
+  pth_queue_t *rqueue; /** < message queue (1) */
+  pth_dqtpoll_t *tpoll; /** < thread poll for rpc requests */
+  pthread_mutex_t oplock; /** < mutex used to sync operations on connection */
+  pthread_rwlock_t chnl_lock; /** < rwlock used to sync ops with channels */
+  int flags; /** < flags of the connection */
+  usrtc_node_t csnode; /** < node to store the connection within list */
+} conn_t;
+
+struct __connection_rpc_list_type;
+struct __message_t;
+
+#define ESXCHAN_PENDING  (1 << 1)
+#define ESXCHAN_CLOSURE  (1 << 2)
+
+typedef struct __channel_t {
+  ulong_t cid; /** < ID of the channel */
+  char *uuid; /** < UUID of the channel, used in advanced implementation
+                * of the complex distributed systems */
+  conn_t *connection; /** < pointer to the parent connection */
+  idx_allocator_t *idx_msg; /** < index allocation for messages */
+  usrtc_t *msgs_tree; /** < search tree of the existing messages */
+  struct __message_t *sysmsg; /** < system message used to operate with channel */
+  struct __connection_rpc_list_type *rpc_list; /** < rpc functions list */
+  pthread_mutex_t oplock; /** < operation ops lock */
+  pthread_rwlock_t msglock; /** < rwlock used to operate with messages */
+  usrtc_node_t node; /** < node for connection search tree */
+  int use_count; /** < use count */
+  int flags; /** < flags of the channel */
+} chnl_t;
+
+typedef struct __sexp_payload_t {
+  char *cstr;
+  sexp_t *sx;
+} sxpayload_t;
+
+#define ESX_SYSMSG_SIZE  512
+
+#define ESXMSG_SYS       (1 << 1)
+#define ESXMSG_USR       (1 << 2)
+#define ESXMSG_PENDING   (1 << 3)
+#define ESXMSG_NOWAY     (1 << 4)
+#define ESXMSG_TIMEDOUT  (1 << 5)
+#define ESXMSG_PULSE     (1 << 6)
+#define ESXMSG_NOWAIT    (1 << 7)
+#define ESXMSG_ISREPLY   (1 << 8)
+#define ESXMSG_CLOSURE   (1 << 9)
+#define ESXMSG_RMONRETR  (1 << 10)
+#define ESXMSG_KILLTHRD  (1 << 11)
+#define ESXMSG_ISRAPID   (1 << 12)
+
+/**
+ * \brief Message used in sntl message passing
+ *
+ * This structure used to manage a message within a channel
+ * of the sntl structure stack.
+ */
+typedef struct __message_t {
+  chnl_t *pch; /** < channel of the message(if applicable) */
+  ulong_t mid; /** < unique ID within connection context */
+  char *uuid; /** < UUID of the message, used for special messages */
+  usrtc_node_t pendingq_node; /** < node for the pending queue */
+  pthread_mutex_t wait; /** < special wait mutex, used for sync */
+  void *payload; /** < payload */
+  sexp_t *initial_sx;
+  int opcode; /** < opcode for system and pulse messages */
+  int flags; /** < flags of the message (type, state etc ...)*/
+  int use_count; /** < use count */
+} sxmsg_t;
+
+typedef struct __connection_rpc_entry_type {
+  char *name;
+  int (*rpcf)(void *, sexp_t *);
+  usrtc_node_t node;
+} cx_rpc_t;
+
+typedef struct __connection_rpc_list_type {
+  usrtc_t *rpc_tree; /** < search tree for the rpc lookup */
+  char *opt_version; /** < reserved for future implementations */
+} cx_rpc_list_t;
+
+/**
+ * \brief Connection subsystem structure.
+ *
+ * This structure used for management and control a set of a
+ * determined connections with the same RPC lists and the same
+ * mode (server, client).
+ *
+ */
+typedef struct __connections_subsys_type {
+  int ex_ssldata_index; /** < index used to work with additional data
+                         * provided to the special call during SSL handshake */
+  usrtc_t *connections;
+  pth_queue_t *ioq; /** < general messages queue */
+  pth_queue_t *ioqueue; /** < system messages queue */
+  /* system threads */
+  pthread_t iog_thread; /** < general io queue */
+  pthread_t ios_thread; /** < system io queue */
+  pthread_rwlock_t rwlock;
+  char *rootca, *certpem, *certkey; /* path name to the certificates */
+  cx_rpc_list_t *system_rpc;
+  /* special functions pointers */
+  int (*validate_sslpem)(conn_t *); /** < this function used to validate SSL certificate while SSL handshake */
+  int (*secure_check)(conn_t *); /** < this function authorize user to login,
+                                  * and also should check SSL cert and user, and already made sessions */
+  usrtc_t* (*get_rpc_typed_list_tree)(conn_t *); /** < this function is used to set RPC list of the functions */
+  int (*set_typed_list_callback)(conn_t *, int, char *); /** < this function is a callback
+                                                          * during setting up a typed channel */
+  void (*on_destroy)(conn_t *); /** < callback on connection destroy  */
+  void *priv;
+} conn_sys_t;
+
+typedef struct __rpc_typed_list_type {
+  int type_id;
+  char *description;
+  cx_rpc_list_t *rpc_list;
+  usrtc_node_t lnode;
+} rpc_typed_list_t;
+
+extern conn_sys_t *conn_sys;
+
+/* General API */
+/* subsystem */
+
+extern conn_sys_t *conn_sys;
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int connections_subsystem_init(void);
+
+int connections_subsystem_setsslserts(const char *rootca, const char *certpem,
+                                      const char *certkey);
+
+int connections_subsystem_setrpclist_function(usrtc_t* (*get_rpc_typed_list_tree)(conn_t *));
+
+#ifdef __cplusplus
+}
+#endif
+
+#define connections_subsystem_set_securecheck(c, fuu)    (c)->secure_check = fuu
+#define connections_subsystem_set_sslvalidator(c, fuu)   (c)->validate_sslpem = fuu
+#define connections_subsystem_set_rpctlist_call(c, fuu)  (c)->set_typed_list_callback = fuu
+#define connections_subsystem_set_on_destroy(c, fuu)     (c)->on_destroy = fuu
+
+/* connection */
+#define connection_create(c, s)  connection_create_fapi((c), (s), NULL)
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int connection_initiate (conn_t *co, const char *host, int port,
+                         const char *SSL_cert, perm_ctx_t *pctx);
+
+int connection_create_fapi(conn_t *co, int sck, struct in_addr *addr);
+
+int connection_close(conn_t *co);
+
+/* FIXME: for the next versions */
+int connection_reinit(conn_t *co);
+
+/* channels */
+int channel_open(conn_t *co, chnl_t **ch, int type);
+
+int channel_close(chnl_t *chnl);
+
+/* message passing */
+int msg_send(chnl_t *ch, sexp_t *sx, sxmsg_t **msg);
+
+int msg_send_timed(chnl_t *ch, sexp_t *sx, sxmsg_t **msg, struct timespec *tio);
+
+int msg_return(sxmsg_t *msg, int opcode);
+
+int msg_reply(sxmsg_t *msg, sexp_t *sx);
+
+int msg_reply_timed(sxmsg_t *msg, sexp_t *sx, struct timespec *tio);
+
+/* reply with S expression without confirmation of delivery and applying */
+int msg_reply_rapid(sxmsg_t *msg, sexp_t *sx);
+
+/* this is required to clean the message in case if it's a rapid message */
+int msg_rapid_clean(sxmsg_t *msg);
+
+int msg_send_pulse(chnl_t *ch, sexp_t *sx);
+
+int msg_send_pulse_timed(chnl_t *ch, sexp_t *sx, struct timespec *tio);
+
+int msg_send_pulse_nowait(chnl_t *ch, sexp_t *sx);
+
+#ifdef __cplusplus
+}
+#endif
+
+/* additional functions */
+#define sntl_msg_get_secctx(m)  (m)->pch->connection->pctx
+
+/* RPC List API */
+#define SNTL_FILTER_INC  0xa
+#define SNTL_FILTER_EXC  0xb
+#define SNTL_FILTER_END  -1
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int sntl_rpclist_init(usrtc_t *tree);
+
+int sntl_rpclist_add(usrtc_t *tree, int type, const char *description,
+                     const char *version);
+
+int sntl_rpclist_add_function(usrtc_t *tree, int type, const char *fu_name,
+                              int (*rpcf)(void *, sexp_t *));
+
+int sntl_rpclist_filter(usrtc_t *source, usrtc_t **dest, int flag, int *filter);
+
+#ifdef __cplusplus
+}
+#endif
+
+/* for DEBUG purposes */
+#define __DBGLINE  fprintf(stderr, "%s:%d at %s\n", __FILE__, __LINE__, __FUNCTION__)
+
+#endif	/* __ESXC_CONNECTION_H_ */
+

debian/libsntl-dev/usr/include/sntl/pth_queue.h

@@ -0,0 +1,117 @@
+/*
+ * This is a proprietary software. See COPYING for further details.
+ *
+ * (c) 2013 Copyright Askele, inc. <http://askele.com>
+ * (c) 2013 Copyright Askele Ingria, inc. <http://askele-ingria.com>
+ * (c) 2014 Copyright Confident, inc. (granted permission to use in commercial software)
+ */
+
+/**
+ * @file pth_queue.h
+ * @author Alexander Vdolainen
+ * @date 4 Nov 2013, 20 Dec 2014 (dynamic polls)
+ * @brief queue implementation for threads intercommunication
+ *
+ */
+
+#ifndef __PTH_QUEUE_H__
+#define __PTH_QUEUE_H__
+
+#include <pthread.h>
+#include <tdata/idx_allocator.h>
+
+/* possible message types, ones with POLL_ prefix valid on for pth_dqtpoll_* */
+#define SYS_MSG        0x0f0affee
+#define USR_MSG        0x0afeeffe
+#define POLL_DECREASE  0x0afafafe
+#define POLL_INCREASE  0x0afaffff
+#define NIL_MSG        0x0
+#define END_MSG        0xdead0000
+
+/* max amount of threads within the poll */
+#define MAX_POLL_VALUE  32
+
+typedef struct pth_msg_s {
+  void *data;           /** < message payload */
+  unsigned int msgtype; /** < message type ID */
+  unsigned int qlength; /** < current queue length (actual on add moment),
+                          * it makes no sense with few readers */
+  usrtc_node_t node;
+} pth_msg_t;
+
+typedef struct pth_queue_s {
+  unsigned int length;
+  /* sync */
+  pthread_mutex_t mutex;
+  pthread_cond_t cond;
+  /* queue data */
+  usrtc_t qtree;
+  /* cache */
+  usrtc_t msgcache;
+} pth_queue_t;
+
+int pth_queue_init(pth_queue_t *queue);
+
+int pth_queue_add(pth_queue_t *queue, void *data, unsigned int msgtype);
+
+int pth_queue_get(pth_queue_t *queue, const struct timespec *timeout,
+                  pth_msg_t *msg);
+
+unsigned int pth_queue_length(pth_queue_t *queue);
+
+int pth_queue_destroy(pth_queue_t *queue, int freedata,
+                      void (*free_msg)(void *));
+
+/* dynamic queue thread poll ... bbrrr .... ok, ok with beer
+ * Dynamic queue thread poll is a queue like pth_queue,
+ * but also it has itäs own mamagement for threads - that's
+ * why dynamic.
+ * Ideally, the model is trying to achieve the following:
+ * 1. one thread in queue while no or very small amount of jobs in the queue
+ * 2. grow until max threads is reached while too many requests
+ * 3. gently slide down volume of threads after job heat
+ * 4. minimal additional drawbacks (i hate something periodically running,
+ * it's bad practice)
+ * The model is quite simple, we should make spurious wakeups equal to zero,
+ * if no - decrease poll value, and, if we don't have thread available -
+ * create it.
+ */
+typedef struct pth_dqtpoll_s {
+  pth_queue_t *queue; /** < Job queue */
+  pthread_t *poll; /** < Thread descriptors */
+  int (*jobdata_callback)(void *); /** < Callback to have a deal with data */
+  int flags; /** < Flags */
+  idx_allocator_t *idx; /** < index allocator for the poll threads */
+  pthread_rwlock_t stats_lock; /** < rwlock for stats data */
+  unsigned long spurious_wakeups; /** < amount of spurios wakeups */
+  int poll_value; /** < value of the poll (totally) */
+  struct timeval sched_time;
+  int msgop;
+} pth_dqtpoll_t;
+
+/* flags for poll */
+#define DQTPOLL_RUNNING    (1 << 1) /* poll is running */
+#define DQTPOLL_DEADSTAGE  (1 << 2) /* poll in the stage of destroy */
+
+/* keep it stupid */
+#define DQTPOLL_DELTAMS  500000
+#define DQTPOLL_DELTASE  0
+
+/* init poll, structure must be allocated */
+int pth_dqtpoll_init(pth_dqtpoll_t*, int (*jobdata_callback)(void *));
+
+/* run poll: poll */
+int pth_dqtpoll_run(pth_dqtpoll_t*);
+
+/* add the job to the queue: poll, job data, message type  */
+int pth_dqtpoll_add(pth_dqtpoll_t*, void*, unsigned int);
+
+/* destroy the poll: poll, force flag
+ * if force flag is set (!= 0), give up
+ * about jobs, if no, do the job, but don't
+ * accept the new ones, and destroy all poll
+ * with last thread.
+ */
+int pth_dqtpoll_destroy(pth_dqtpoll_t*, int);
+
+#endif /* __PTH_QUEUE_H__ */

debian/libsntl-dev/usr/lib/libsntl.so

@@ -0,0 +1 @@
+libsntl.so.0.0.0

debian/libsntl-dev/usr/lib/pkgconfig/libsntl.pc

@@ -0,0 +1,13 @@
+prefix=/usr
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+datarootdir=${prefix}/share
+datadir=${datarootdir}
+includedir=${prefix}/include
+
+Name: libsntl
+Description: Secure Network Transport Layer library implementation
+Version: 0.1.0
+Requires: 
+Libs: -L${libdir} -lsntl
+Cflags: -I${includedir}

debian/libsntl-dev/usr/share/doc/libsntl-dev/README

@@ -0,0 +1 @@
+1. Build the Debian package: debuild -i -us -uc -b

debian/libsntl-dev/usr/share/doc/libsntl-dev/README.Debian

@@ -0,0 +1,6 @@
+libsntl for Debian
+-------------------
+
+<possible notes regarding this package - if none, delete this file>
+
+ -- Alexander Vdolainen <vdo@daze>  Mon, 24 Nov 2014 11:52:48 +0200

debian/libsntl-dev/usr/share/doc/libsntl-dev/copyright

@@ -0,0 +1,38 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: libsntl
+Source: <url://example.com>
+
+Files: *
+Copyright: <years> <put author's name and email here>
+           <years> <likewise for another author>
+License: <special license>
+ <Put the license of the package here indented by 1 space>
+ <This follows the format of Description: lines in control file>
+ .
+ <Including paragraphs>
+
+# If you want to use GPL v2 or later for the /debian/* files use 
+# the following clauses, or change it to suit. Delete these two lines
+Files: debian/*
+Copyright: 2014 Alexander Vdolainen <vdo@daze>
+License: GPL-2+
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".
+
+# Please also look if there are files or directories which have a
+# different copyright/license attached and list them here.
+# Please avoid to pick license terms that are more restrictive than the
+# packaged work, as it may make Debian's contributions unacceptable upstream.

debian/libsntl.cron.d.ex

@@ -0,0 +1,4 @@
+#
+# Regular cron jobs for the libsntl package
+#
+0 4	* * *	root	[ -x /usr/bin/libsntl_maintenance ] && /usr/bin/libsntl_maintenance

debian/libsntl.debhelper.log

@@ -0,0 +1,50 @@
+dh_autotools-dev_updateconfig
+dh_auto_configure
+dh_auto_build
+dh_auto_test
+dh_prep
+dh_installdirs
+dh_auto_install
+dh_install
+dh_installdocs
+dh_installchangelogs
+dh_installexamples
+dh_installman
+dh_installcatalogs
+dh_installcron
+dh_installdebconf
+dh_installemacsen
+dh_installifupdown
+dh_installinfo
+dh_pysupport
+dh_installinit
+dh_installmenu
+dh_installmime
+dh_installmodules
+dh_installlogcheck
+dh_installlogrotate
+dh_installpam
+dh_installppp
+dh_installudev
+dh_installwm
+dh_installxfonts
+dh_installgsettings
+dh_bugfiles
+dh_ucf
+dh_lintian
+dh_gconf
+dh_icons
+dh_perl
+dh_usrlocal
+dh_link
+dh_compress
+dh_fixperms
+dh_strip
+dh_makeshlibs
+dh_shlibdeps
+dh_installdeb
+dh_gencontrol
+dh_md5sums
+dh_builddeb
+dh_builddeb
+dh_builddeb

debian/libsntl.default.ex

@@ -0,0 +1,10 @@
+# Defaults for libsntl initscript
+# sourced by /etc/init.d/libsntl
+# installed at /etc/default/libsntl by the maintainer scripts
+
+#
+# This is a POSIX shell fragment
+#
+
+# Additional options that are passed to the Daemon.
+DAEMON_OPTS=""

debian/libsntl.dirs

@@ -0,0 +1 @@
+usr/lib

debian/libsntl.doc-base.EX

@@ -0,0 +1,20 @@
+Document: libsntl
+Title: Debian libsntl Manual
+Author: <insert document author here>
+Abstract: This manual describes what libsntl is
+ and how it can be used to
+ manage online manuals on Debian systems.
+Section: unknown
+
+Format: debiandoc-sgml
+Files: /usr/share/doc/libsntl/libsntl.sgml.gz
+
+Format: postscript
+Files: /usr/share/doc/libsntl/libsntl.ps.gz
+
+Format: text
+Files: /usr/share/doc/libsntl/libsntl.text.gz
+
+Format: HTML
+Index: /usr/share/doc/libsntl/html/index.html
+Files: /usr/share/doc/libsntl/html/*.html

debian/libsntl.install

@@ -0,0 +1 @@
+usr/lib/lib*.so.*

debian/libsntl.postinst.debhelper

@@ -0,0 +1,5 @@
+# Automatically added by dh_makeshlibs
+if [ "$1" = "configure" ]; then
+	ldconfig
+fi
+# End automatically added section

debian/libsntl.postrm.debhelper

@@ -0,0 +1,5 @@
+# Automatically added by dh_makeshlibs
+if [ "$1" = "remove" ]; then
+	ldconfig
+fi
+# End automatically added section

debian/libsntl.substvars

@@ -0,0 +1,2 @@
+shlibs:Depends=libc6 (>= 2.3.2), libsexpr, libssl1.0.0 (>= 1.0.1), libtdata, libuuid1 (>= 2.20.1)
+misc:Depends=

debian/libsntl/DEBIAN/control

@@ -0,0 +1,11 @@
+Package: libsntl
+Version: 0.1.0
+Architecture: amd64
+Maintainer: Alexander Vdolainen <vdo@askele.com>
+Installed-Size: 52
+Depends: libc6 (>= 2.3.2), libsexpr, libssl1.0.0 (>= 1.0.1), libtdata, libuuid1 (>= 2.20.1)
+Section: libs
+Priority: extra
+Homepage: http://askele.com/software
+Description: Secure Networking Transport Layer implementation library
+ Library used to develop secure services

debian/libsntl/DEBIAN/md5sums

@@ -0,0 +1,3 @@
+4e0af3e3160f08d6f72f48d619dbbc6e  usr/lib/libsntl.so.0.0.0
+87736146030b265e3f3c8b577726c44b  usr/share/doc/libsntl/changelog.gz
+7f3520d22e4f7e2bbbb8bf0b1b104a9e  usr/share/doc/libsntl/copyright

debian/libsntl/DEBIAN/postinst

@@ -0,0 +1,7 @@
+#!/bin/sh
+set -e
+# Automatically added by dh_makeshlibs
+if [ "$1" = "configure" ]; then
+	ldconfig
+fi
+# End automatically added section

debian/libsntl/DEBIAN/postrm

@@ -0,0 +1,7 @@
+#!/bin/sh
+set -e
+# Automatically added by dh_makeshlibs
+if [ "$1" = "remove" ]; then
+	ldconfig
+fi
+# End automatically added section

debian/libsntl/DEBIAN/shlibs

@@ -0,0 +1 @@
+libsntl 0 libsntl

debian/libsntl/usr/lib/libsntl.so.0

@@ -0,0 +1 @@
+libsntl.so.0.0.0

debian/libsntl/usr/share/doc/libsntl/copyright

@@ -0,0 +1,38 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: libsntl
+Source: <url://example.com>
+
+Files: *
+Copyright: <years> <put author's name and email here>
+           <years> <likewise for another author>
+License: <special license>
+ <Put the license of the package here indented by 1 space>
+ <This follows the format of Description: lines in control file>
+ .
+ <Including paragraphs>
+
+# If you want to use GPL v2 or later for the /debian/* files use 
+# the following clauses, or change it to suit. Delete these two lines
+Files: debian/*
+Copyright: 2014 Alexander Vdolainen <vdo@daze>
+License: GPL-2+
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".
+
+# Please also look if there are files or directories which have a
+# different copyright/license attached and list them here.
+# Please avoid to pick license terms that are more restrictive than the
+# packaged work, as it may make Debian's contributions unacceptable upstream.

debian/manpage.1.ex

@@ -0,0 +1,56 @@
+.\"                                      Hey, EMACS: -*- nroff -*-
+.\" (C) Copyright 2014 Alexander Vdolainen <vdo@daze>,
+.\"
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH LIBSNTL SECTION "November 24, 2014"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh        disable hyphenation
+.\" .hy        enable hyphenation
+.\" .ad l      left justify
+.\" .ad b      justify to both left and right margins
+.\" .nf        disable filling
+.\" .fi        enable filling
+.\" .br        insert line break
+.\" .sp <n>    insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+libsntl \- program to do something
+.SH SYNOPSIS
+.B libsntl
+.RI [ options ] " files" ...
+.br
+.B bar
+.RI [ options ] " files" ...
+.SH DESCRIPTION
+This manual page documents briefly the
+.B libsntl
+and
+.B bar
+commands.
+.PP
+.\" TeX users may be more comfortable with the \fB<whatever>\fP and
+.\" \fI<whatever>\fP escape sequences to invode bold face and italics,
+.\" respectively.
+\fBlibsntl\fP is a program that...
+.SH OPTIONS
+These programs follow the usual GNU command line syntax, with long
+options starting with two dashes (`-').
+A summary of options is included below.
+For a complete description, see the Info files.
+.TP
+.B \-h, \-\-help
+Show summary of options.
+.TP
+.B \-v, \-\-version
+Show version of program.
+.SH SEE ALSO
+.BR bar (1),
+.BR baz (1).
+.br
+The programs are documented fully by
+.IR "The Rise and Fall of a Fooish Bar" ,
+available via the Info system.

debian/manpage.sgml.ex

@@ -0,0 +1,154 @@
+<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [
+
+<!-- Process this file with docbook-to-man to generate an nroff manual
+     page: `docbook-to-man manpage.sgml > manpage.1'.  You may view
+     the manual page with: `docbook-to-man manpage.sgml | nroff -man |
+     less'.  A typical entry in a Makefile or Makefile.am is:
+
+manpage.1: manpage.sgml
+	docbook-to-man $< > $@
+
+
+	The docbook-to-man binary is found in the docbook-to-man package.
+	Please remember that if you create the nroff version in one of the
+	debian/rules file targets (such as build), you will need to include
+	docbook-to-man in your Build-Depends control field.
+
+  -->
+
+  <!-- Fill in your name for FIRSTNAME and SURNAME. -->
+  <!ENTITY dhfirstname "<firstname>FIRSTNAME</firstname>">
+  <!ENTITY dhsurname   "<surname>SURNAME</surname>">
+  <!-- Please adjust the date whenever revising the manpage. -->
+  <!ENTITY dhdate      "<date>November 24, 2014</date>">
+  <!-- SECTION should be 1-8, maybe w/ subsection other parameters are
+       allowed: see man(7), man(1). -->
+  <!ENTITY dhsection   "<manvolnum>SECTION</manvolnum>">
+  <!ENTITY dhemail     "<email>vdo@daze</email>">
+  <!ENTITY dhusername  "Alexander Vdolainen">
+  <!ENTITY dhucpackage "<refentrytitle>LIBSEXPR</refentrytitle>">
+  <!ENTITY dhpackage   "libsntl">
+
+  <!ENTITY debian      "<productname>Debian</productname>">
+  <!ENTITY gnu         "<acronym>GNU</acronym>">
+  <!ENTITY gpl         "&gnu; <acronym>GPL</acronym>">
+]>
+
+<refentry>
+  <refentryinfo>
+    <address>
+      &dhemail;
+    </address>
+    <author>
+      &dhfirstname;
+      &dhsurname;
+    </author>
+    <copyright>
+      <year>2003</year>
+      <holder>&dhusername;</holder>
+    </copyright>
+    &dhdate;
+  </refentryinfo>
+  <refmeta>
+    &dhucpackage;
+
+    &dhsection;
+  </refmeta>
+  <refnamediv>
+    <refname>&dhpackage;</refname>
+
+    <refpurpose>program to do something</refpurpose>
+  </refnamediv>
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>&dhpackage;</command>
+
+      <arg><option>-e <replaceable>this</replaceable></option></arg>
+
+      <arg><option>--example <replaceable>that</replaceable></option></arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+  <refsect1>
+    <title>DESCRIPTION</title>
+
+    <para>This manual page documents briefly the
+      <command>&dhpackage;</command> and <command>bar</command>
+      commands.</para>
+
+    <para>This manual page was written for the &debian; distribution
+      because the original program does not have a manual page.
+      Instead, it has documentation in the &gnu;
+      <application>Info</application> format; see below.</para>
+
+    <para><command>&dhpackage;</command> is a program that...</para>
+
+  </refsect1>
+  <refsect1>
+    <title>OPTIONS</title>
+
+    <para>These programs follow the usual &gnu; command line syntax,
+      with long options starting with two dashes (`-').  A summary of
+      options is included below.  For a complete description, see the
+      <application>Info</application> files.</para>
+
+    <variablelist>
+      <varlistentry>
+        <term><option>-h</option>
+          <option>--help</option>
+        </term>
+        <listitem>
+          <para>Show summary of options.</para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term><option>-v</option>
+          <option>--version</option>
+        </term>
+        <listitem>
+          <para>Show version of program.</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+  <refsect1>
+    <title>SEE ALSO</title>
+
+    <para>bar (1), baz (1).</para>
+
+    <para>The programs are documented fully by <citetitle>The Rise and
+      Fall of a Fooish Bar</citetitle> available via the
+      <application>Info</application> system.</para>
+  </refsect1>
+  <refsect1>
+    <title>AUTHOR</title>
+
+    <para>This manual page was written by &dhusername; &dhemail; for
+      the &debian; system (and may be used by others).  Permission is
+      granted to copy, distribute and/or modify this document under
+      the terms of the &gnu; General Public License, Version 2 any
+      later version published by the Free Software Foundation.
+    </para>
+    <para>
+      On Debian systems, the complete text of the GNU General Public
+      License can be found in /usr/share/common-licenses/GPL.
+    </para>
+
+  </refsect1>
+</refentry>
+
+<!-- Keep this comment at the end of the file
+Local variables:
+mode: sgml
+sgml-omittag:t
+sgml-shorttag:t
+sgml-minimize-attributes:nil
+sgml-always-quote-attributes:t
+sgml-indent-step:2
+sgml-indent-data:t
+sgml-parent-document:nil
+sgml-default-dtd-file:nil
+sgml-exposed-tags:nil
+sgml-local-catalogs:nil
+sgml-local-ecat-files:nil
+End:
+-->

debian/manpage.xml.ex

@@ -0,0 +1,291 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+
+<!--
+
+`xsltproc -''-nonet \
+          -''-param man.charmap.use.subset "0" \
+          -''-param make.year.ranges "1" \
+          -''-param make.single.year.ranges "1" \
+          /usr/share/xml/docbook/stylesheet/docbook-xsl/manpages/docbook.xsl \
+          manpage.xml'
+
+A manual page <package>.<section> will be generated. You may view the
+manual page with: nroff -man <package>.<section> | less'. A typical entry
+in a Makefile or Makefile.am is:
+
+DB2MAN = /usr/share/sgml/docbook/stylesheet/xsl/docbook-xsl/manpages/docbook.xsl
+XP     = xsltproc -''-nonet -''-param man.charmap.use.subset "0"
+
+manpage.1: manpage.xml
+        $(XP) $(DB2MAN) $<
+
+The xsltproc binary is found in the xsltproc package. The XSL files are in
+docbook-xsl. A description of the parameters you can use can be found in the
+docbook-xsl-doc-* packages. Please remember that if you create the nroff
+version in one of the debian/rules file targets (such as build), you will need
+to include xsltproc and docbook-xsl in your Build-Depends control field.
+Alternatively use the xmlto command/package. That will also automatically
+pull in xsltproc and docbook-xsl.
+
+Notes for using docbook2x: docbook2x-man does not automatically create the
+AUTHOR(S) and COPYRIGHT sections. In this case, please add them manually as
+<refsect1> ... </refsect1>.
+
+To disable the automatic creation of the AUTHOR(S) and COPYRIGHT sections
+read /usr/share/doc/docbook-xsl/doc/manpages/authors.html. This file can be
+found in the docbook-xsl-doc-html package.
+
+Validation can be done using: `xmllint -''-noout -''-valid manpage.xml`
+
+General documentation about man-pages and man-page-formatting:
+man(1), man(7), http://www.tldp.org/HOWTO/Man-Page/
+
+-->
+
+  <!-- Fill in your name for FIRSTNAME and SURNAME. -->
+  <!ENTITY dhfirstname "FIRSTNAME">
+  <!ENTITY dhsurname   "SURNAME">
+  <!-- dhusername could also be set to "&dhfirstname; &dhsurname;". -->
+  <!ENTITY dhusername  "Alexander Vdolainen">
+  <!ENTITY dhemail     "vdo@daze">
+  <!-- SECTION should be 1-8, maybe w/ subsection other parameters are
+       allowed: see man(7), man(1) and
+       http://www.tldp.org/HOWTO/Man-Page/q2.html. -->
+  <!ENTITY dhsection   "SECTION">
+  <!-- TITLE should be something like "User commands" or similar (see
+       http://www.tldp.org/HOWTO/Man-Page/q2.html). -->
+  <!ENTITY dhtitle     "libsntl User Manual">
+  <!ENTITY dhucpackage "LIBSEXPR">
+  <!ENTITY dhpackage   "libsntl">
+]>
+
+<refentry>
+  <refentryinfo>
+    <title>&dhtitle;</title>
+    <productname>&dhpackage;</productname>
+    <authorgroup>
+      <author>
+       <firstname>&dhfirstname;</firstname>
+        <surname>&dhsurname;</surname>
+        <contrib>Wrote this manpage for the Debian system.</contrib>
+        <address>
+          <email>&dhemail;</email>
+        </address>
+      </author>
+    </authorgroup>
+    <copyright>
+      <year>2007</year>
+      <holder>&dhusername;</holder>
+    </copyright>
+    <legalnotice>
+      <para>This manual page was written for the Debian system
+        (and may be used by others).</para>
+      <para>Permission is granted to copy, distribute and/or modify this
+        document under the terms of the GNU General Public License,
+        Version 2 or (at your option) any later version published by
+        the Free Software Foundation.</para>
+      <para>On Debian systems, the complete text of the GNU General Public
+        License can be found in
+        <filename>/usr/share/common-licenses/GPL</filename>.</para>
+    </legalnotice>
+  </refentryinfo>
+  <refmeta>
+    <refentrytitle>&dhucpackage;</refentrytitle>
+    <manvolnum>&dhsection;</manvolnum>
+  </refmeta>
+  <refnamediv>
+    <refname>&dhpackage;</refname>
+    <refpurpose>program to do something</refpurpose>
+  </refnamediv>
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>&dhpackage;</command>
+      <!-- These are several examples, how syntaxes could look -->
+      <arg choice="plain"><option>-e <replaceable>this</replaceable></option></arg>
+      <arg choice="opt"><option>--example=<parameter>that</parameter></option></arg>
+      <arg choice="opt">
+        <group choice="req">
+          <arg choice="plain"><option>-e</option></arg>
+          <arg choice="plain"><option>--example</option></arg>
+        </group>
+        <replaceable class="option">this</replaceable>
+      </arg>
+      <arg choice="opt">
+        <group choice="req">
+          <arg choice="plain"><option>-e</option></arg>
+          <arg choice="plain"><option>--example</option></arg>
+        </group>
+        <group choice="req">
+          <arg choice="plain"><replaceable>this</replaceable></arg>
+          <arg choice="plain"><replaceable>that</replaceable></arg>
+        </group>
+      </arg>
+    </cmdsynopsis>
+    <cmdsynopsis>
+      <command>&dhpackage;</command>
+      <!-- Normally the help and version options make the programs stop
+           right after outputting the requested information. -->
+      <group choice="opt">
+        <arg choice="plain">
+          <group choice="req">
+            <arg choice="plain"><option>-h</option></arg>
+            <arg choice="plain"><option>--help</option></arg>
+          </group>
+        </arg>
+        <arg choice="plain">
+          <group choice="req">
+            <arg choice="plain"><option>-v</option></arg>
+            <arg choice="plain"><option>--version</option></arg>
+          </group>
+        </arg>
+      </group>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+  <refsect1 id="description">
+    <title>DESCRIPTION</title>
+    <para>This manual page documents briefly the
+      <command>&dhpackage;</command> and <command>bar</command>
+      commands.</para>
+    <para>This manual page was written for the Debian distribution
+      because the original program does not have a manual page.
+      Instead, it has documentation in the GNU <citerefentry>
+        <refentrytitle>info</refentrytitle>
+        <manvolnum>1</manvolnum>
+      </citerefentry> format; see below.</para>
+    <para><command>&dhpackage;</command> is a program that...</para>
+  </refsect1>
+  <refsect1 id="options">
+    <title>OPTIONS</title>
+    <para>The program follows the usual GNU command line syntax,
+      with long options starting with two dashes (`-').  A summary of
+      options is included below.  For a complete description, see the
+      <citerefentry>
+        <refentrytitle>info</refentrytitle>
+        <manvolnum>1</manvolnum>
+      </citerefentry> files.</para>
+    <variablelist>
+      <!-- Use the variablelist.term.separator and the
+           variablelist.term.break.after parameters to
+           control the term elements. -->
+      <varlistentry>
+        <term><option>-e <replaceable>this</replaceable></option></term>
+        <term><option>--example=<replaceable>that</replaceable></option></term>
+        <listitem>
+          <para>Does this and that.</para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term><option>-h</option></term>
+        <term><option>--help</option></term>
+        <listitem>
+          <para>Show summary of options.</para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term><option>-v</option></term>
+        <term><option>--version</option></term>
+        <listitem>
+          <para>Show version of program.</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+  <refsect1 id="files">
+    <title>FILES</title>
+    <variablelist>
+      <varlistentry>
+        <term><filename>/etc/foo.conf</filename></term>
+        <listitem>
+          <para>The system-wide configuration file to control the
+            behaviour of <application>&dhpackage;</application>. See
+            <citerefentry>
+              <refentrytitle>foo.conf</refentrytitle>
+              <manvolnum>5</manvolnum>
+            </citerefentry> for further details.</para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term><filename>${HOME}/.foo.conf</filename></term>
+        <listitem>
+          <para>The per-user configuration file to control the
+             behaviour of <application>&dhpackage;</application>. See
+             <citerefentry>
+               <refentrytitle>foo.conf</refentrytitle>
+               <manvolnum>5</manvolnum>
+             </citerefentry> for further details.</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+  <refsect1 id="environment">
+    <title>ENVIRONMENT</title>
+    <variablelist>
+      <varlistentry>
+        <term><envar>FOO_CONF</envar></term>
+        <listitem>
+          <para>If used, the defined file is used as configuration
+            file (see also <xref linkend="files"/>).</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+  <refsect1 id="diagnostics">
+    <title>DIAGNOSTICS</title>
+    <para>The following diagnostics may be issued
+      on <filename class="devicefile">stderr</filename>:</para>
+    <variablelist>
+      <varlistentry>
+        <term><errortext>Bad configuration file. Exiting.</errortext></term>
+        <listitem>
+          <para>The configuration file seems to contain a broken configuration
+            line. Use the <option>--verbose</option> option, to get more info.
+          </para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+    <para><command>&dhpackage;</command> provides some return codes, that can
+      be used in scripts:</para>
+    <segmentedlist>
+      <segtitle>Code</segtitle>
+      <segtitle>Diagnostic</segtitle>
+      <seglistitem>
+        <seg><errorcode>0</errorcode></seg>
+        <seg>Program exited successfully.</seg>
+      </seglistitem>
+      <seglistitem>
+        <seg><errorcode>1</errorcode></seg>
+        <seg>The configuration file seems to be broken.</seg>
+      </seglistitem>
+    </segmentedlist>
+  </refsect1>
+  <refsect1 id="bugs">
+    <!-- Or use this section to tell about upstream BTS. -->
+    <title>BUGS</title>
+    <para>The program is currently limited to only work
+      with the <package>foobar</package> library.</para>
+    <para>The upstreams <acronym>BTS</acronym> can be found
+      at <ulink url="http://bugzilla.foo.tld"/>.</para>
+  </refsect1>
+  <refsect1 id="see_also">
+    <title>SEE ALSO</title>
+    <!-- In alpabetical order. -->
+    <para><citerefentry>
+        <refentrytitle>bar</refentrytitle>
+        <manvolnum>1</manvolnum>
+      </citerefentry>, <citerefentry>
+        <refentrytitle>baz</refentrytitle>
+        <manvolnum>1</manvolnum>
+      </citerefentry>, <citerefentry>
+        <refentrytitle>foo.conf</refentrytitle>
+        <manvolnum>5</manvolnum>
+      </citerefentry></para>
+    <para>The programs are documented fully by <citetitle>The Rise and
+      Fall of a Fooish Bar</citetitle> available via the <citerefentry>
+        <refentrytitle>info</refentrytitle>
+        <manvolnum>1</manvolnum>
+      </citerefentry> system.</para>
+  </refsect1>
+</refentry>
+

debian/menu.ex

@@ -0,0 +1,2 @@
+?package(libsntl):needs="X11|text|vc|wm" section="Applications/see-menu-manual"\
+  title="libsntl" command="/usr/bin/libsntl"

debian/postinst.ex

@@ -0,0 +1,39 @@
+#!/bin/sh
+# postinst script for libsntl
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <postinst> `abort-remove'
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+    configure)
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0

debian/postrm.ex

@@ -0,0 +1,37 @@
+#!/bin/sh
+# postrm script for libsntl
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postrm> `remove'
+#        * <postrm> `purge'
+#        * <old-postrm> `upgrade' <new-version>
+#        * <new-postrm> `failed-upgrade' <old-version>
+#        * <new-postrm> `abort-install'
+#        * <new-postrm> `abort-install' <old-version>
+#        * <new-postrm> `abort-upgrade' <old-version>
+#        * <disappearer's-postrm> `disappear' <overwriter>
+#          <overwriter-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+    purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+    ;;
+
+    *)
+        echo "postrm called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0

debian/preinst.ex

@@ -0,0 +1,35 @@
+#!/bin/sh
+# preinst script for libsntl
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <new-preinst> `install'
+#        * <new-preinst> `install' <old-version>
+#        * <new-preinst> `upgrade' <old-version>
+#        * <old-preinst> `abort-upgrade' <new-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+    install|upgrade)
+    ;;
+
+    abort-upgrade)
+    ;;
+
+    *)
+        echo "preinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0

debian/prerm.ex

@@ -0,0 +1,38 @@
+#!/bin/sh
+# prerm script for libsntl
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <prerm> `remove'
+#        * <old-prerm> `upgrade' <new-version>
+#        * <new-prerm> `failed-upgrade' <old-version>
+#        * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
+#        * <deconfigured's-prerm> `deconfigure' `in-favour'
+#          <package-being-installed> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+    remove|upgrade|deconfigure)
+    ;;
+
+    failed-upgrade)
+    ;;
+
+    *)
+        echo "prerm called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0

debian/rules

@@ -0,0 +1,13 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+# Sample debian/rules that uses debhelper.
+# This file was originally written by Joey Hess and Craig Small.
+# As a special exception, when this file is copied by dh-make into a
+# dh-make output file, you may use that output file without restriction.
+# This special exception was added by Craig Small in version 0.37 of dh-make.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+%:
+	dh $@  --with autotools-dev

debian/shlibs.local.ex

@@ -0,0 +1 @@
+libsntl 0.1.0 libsntl (>> 0.1.0), libsntl (<< 0.1.99)

debian/source/format

@@ -0,0 +1 @@
+3.0 (quilt)

debian/watch.ex

@@ -0,0 +1,23 @@
+# Example watch control file for uscan
+# Rename this file to "watch" and then you can run the "uscan" command
+# to check for upstream updates and more.
+# See uscan(1) for format
+
+# Compulsory line, this is a version 3 file
+version=3
+
+# Uncomment to examine a Webpage
+# <Webpage URL> <string match>
+#http://www.example.com/downloads.php libsntl-(.*)\.tar\.gz
+
+# Uncomment to examine a Webserver directory
+#http://www.example.com/pub/libsntl-(.*)\.tar\.gz
+
+# Uncommment to examine a FTP server
+#ftp://ftp.example.com/pub/libsntl-(.*)\.tar\.gz debian uupdate
+
+# Uncomment to find new files on sourceforge, for devscripts >= 2.9
+# http://sf.net/libsntl/libsntl-(.*)\.tar\.gz
+
+# Uncomment to find new files on GooglePages
+# http://example.googlepages.com/foo.html libsntl-(.*)\.tar\.gz

include/Makefile.am

@@ -1 +1 @@
-nobase_include_HEADERS = sntl/pth_queue.h sntl/mcache.h sntl/connection.h
+nobase_include_HEADERS = sntl/pth_queue.h sntl/connection.h

lib/Makefile.am

@@ -14,7 +14,7 @@ lib_LTLIBRARIES = libsntl.la
 
 
 libsntl_la_SOURCES = \
-	support.c queue.c mcache.c rpclist.c message.c channel.c connection.c
+	support.c queue.c rpclist.c message.c channel.c connection.c
 
 libsntl_la_LDFLAGS = -Wl,--export-dynamic
 

lib/channel.c

@@ -2,8 +2,8 @@
  * Secure Network Transport Layer Library implementation.
  * This is a proprietary software. See COPYING for further details.
  *
- * (c) 2013-2014 Copyright Askele, inc. <http://askele.com>
- * (c) 2013-2014 Copyright Askele Ingria, inc. <http://askele-ingria.com>
+ * (c) Askele Group 2013-2015 <http://askele.com>
+ *
  */
 
 #include <stdlib.h>
@@ -223,30 +223,31 @@ int channel_close(chnl_t *chnl)
     return ESXNOCONNECT;
   }
 
-  uuid_ = __generate_uuid();
-
   pthread_rwlock_rdlock(&(co->chnl_lock));
   node = usrtc_lookup(co->chnl_tree, &chnl->cid);
   pthread_rwlock_unlock(&(co->chnl_lock));
   if(!node) {
-    fprintf(stderr, "No such channel\n");
     return ENOENT;
   }
 
   pthread_rwlock_wrlock(&(chnl->msglock));
   /* check unprocessed messages */
-  if(!usrtc_isempty(chnl->msgs_tree)) {
+  if(!usrtc_isempty(chnl->msgs_tree)) { /* messages on the queue */
     pthread_rwlock_unlock(&(chnl->msglock));
-    fprintf(stderr, "Unable to close channel\n");
     return EBUSY;
   }
 
+  uuid_ = __generate_uuid();
   pl = malloc(sizeof(sxpayload_t));
-  if(!pl) return ENOMEM;
+  if(!pl) {
+    pthread_rwlock_unlock(&(chnl->msglock));
+    free(uuid_);
+    return ENOMEM;
+  }
   if(__create_sys_msg(&sms, uuid_, chnl, pl)) {
-    if(chnl->idx_msg) free(chnl->idx_msg);
-    if(chnl->msgs_tree) free(chnl->msgs_tree);
-    free(chnl);
+    pthread_rwlock_unlock(&(chnl->msglock));
+    free(pl);
+    free(uuid_);
     return ENOMEM;
   }
 
@@ -254,6 +255,7 @@ int channel_close(chnl_t *chnl)
   if(!(pl->cstr = malloc(sizeof(char) * ESX_SYSMSG_SIZE))) {
     pthread_rwlock_unlock(&(chnl->msglock));
     free(pl);
+    free(uuid_);
     return ENOMEM;
   }
   memset(pl->cstr, 0, sizeof(char) * ESX_SYSMSG_SIZE);
@@ -273,8 +275,9 @@ int channel_close(chnl_t *chnl)
     goto __process_smsg;
   } else pthread_mutex_lock(&(sms->wait)); /* will sleep until got a reply */
 
-__process_smsg:
+ __process_smsg:
   if(sms->opcode) {
+    pthread_rwlock_unlock(&(chnl->msglock));
     r = sms->opcode;
     return r;
   } else		r = 0;

lib/connection.c

@@ -2,8 +2,8 @@
  * Secure Network Transport Layer Library implementation.
  * This is a proprietary software. See COPYING for further details.
  *
- * (c) 2013-2014 Copyright Askele, inc. <http://askele.com>
- * (c) 2013-2014 Copyright Askele Ingria, inc. <http://askele-ingria.com>
+ * (c) Askele Group 2013-2015 <http://askele.com>
+ *
  */
 
 #include <stdlib.h>
@@ -103,6 +103,7 @@ static int __conn_read(conn_t *co, void *buf, size_t buf_len)
  __retry:
 
   do {
+  __try_again:
     r = SSL_read(co->ssl, buf, (int)buf_len);
     switch(SSL_get_error (co->ssl, r)) {
     case SSL_ERROR_NONE:
@@ -115,19 +116,41 @@ static int __conn_read(conn_t *co, void *buf, size_t buf_len)
     case SSL_ERROR_WANT_WRITE: /* here we blocked on write */
       read_blocked_on_write = 1;
       break;
+    case SSL_ERROR_SYSCALL:
+      if(errno == EAGAIN || errno == EINTR) goto __try_again;
+      else {
+        fprintf(stderr, "SSL syscall error.\n");
+        goto __close_conn;
+      }
+      break;
+    case SSL_ERROR_WANT_CONNECT:
+    case SSL_ERROR_WANT_ACCEPT:
+      fprintf(stderr, "SSL negotiation required. Trying again.\n");
+      goto __try_again;
+      break;
+    case SSL_ERROR_SSL:
+      fprintf(stderr, "SSL error occured. Connection will be closed.\n");
+      goto __close_conn;
+      break;
+    case SSL_ERROR_ZERO_RETURN:
+      fprintf(stderr, "SSL connection is cleary closed.\n");
     default:
-      fprintf(stderr, "(RD)Unknown error on %s\n", co->uuid);
+    __close_conn:
+      fprintf(stderr, "(RD)Unknown error on %s (errno = %d)\n", co->uuid, errno);
       return -1;
     }
   } while(SSL_pending(co->ssl) && !read_blocked);
 
+ __select_retry:
+
   if(read_blocked) {
     FD_ZERO(&readset);
     FD_SET(rfd, &readset);
     /* waits until something will be ready to read */
     r = select(rfd + 1, &readset, NULL, NULL, NULL);
     if(r < 0) {
-      printf("select (%d)\n", errno);
+      if(errno == EINTR || errno == EAGAIN) goto __select_retry;
+      printf("(RD) select (%d) on %s\n", errno, co->uuid);
       return -1;
     }
     if(!r) {
@@ -156,7 +179,7 @@ static int __conn_write(conn_t *co, void *buf, size_t buf_len)
   int r, rfd = SSL_get_fd(co->ssl);
   fd_set writeset;
 
-  //pthread_mutex_lock(&(co->oplock));
+  pthread_mutex_lock(&(co->oplock));
  __retry:
   r = SSL_write(co->ssl, buf, (int)buf_len);
   switch(SSL_get_error(co->ssl, r)) {
@@ -168,14 +191,19 @@ static int __conn_write(conn_t *co, void *buf, size_t buf_len)
     r = select(rfd + 1, NULL, &writeset, NULL, NULL);
     if(r && FD_ISSET(rfd, &writeset)) goto __retry;
     break;
+  case SSL_ERROR_SYSCALL:
+    if(errno == EAGAIN || errno == EINTR) goto __retry;
+    else goto __close_conn;
+    break;
   default:
-    //pthread_mutex_unlock(&(co->oplock));
+    pthread_mutex_unlock(&(co->oplock));
+  __close_conn:
     if(r < 0) {
       fprintf(stderr, "(WR)Unknown error on %s (%d)\n", co->uuid, r);
       return -1;
     } else return 0;
   }
-  //pthread_mutex_unlock(&(co->oplock));
+  pthread_mutex_unlock(&(co->oplock));
 
   return 0;
 }
@@ -242,6 +270,7 @@ static void __wake_up_waiters(conn_t *co, int opcode)
 
   pthread_rwlock_wrlock(&(co->chnl_lock));
 
+  if(!co->chnl_tree) goto __skip;
   node = usrtc_first(co->chnl_tree);
   last_node = usrtc_last(co->chnl_tree);
 
@@ -270,6 +299,7 @@ static void __wake_up_waiters(conn_t *co, int opcode)
     node = usrtc_next(co->chnl_tree, node);
   }
 
+ __skip:
   pthread_rwlock_unlock(&(co->chnl_lock));
 
   return;
@@ -815,32 +845,25 @@ static int __default_ch_close(void *cctx, sexp_t *sx)
     }
   }
 
-  //printf("%s(%ld)\n", __FUNCTION__, cid);
-
   /* additional check for type of the channel */
   pthread_rwlock_rdlock(&(co->chnl_lock));
   node = usrtc_lookup(co->chnl_tree, &cid);
   pthread_rwlock_unlock(&(co->chnl_lock));
   if(!node) {
     r = ENOENT;
-    printf("there is no channel with id=%ld\n", cid);
+    /* there are no such channel exist */
+    destroy_sexp(sx);
     goto __send_repl;
   }
   channel = (chnl_t *)usrtc_node_getdata(node);
 
-__send_repl:
-  buf = malloc(2048);
-  snprintf(buf, 2048, "(ch-close-ret ((:id %ld) (:error %d)))", 
-          channel->cid, r);
-
   /* check up the message queue */
   pthread_rwlock_rdlock(&(channel->msglock));
   if(usrtc_count(channel->msgs_tree)) {
-    fprintf(stderr, "Operation is not permitted. There are some "
-            "undelivered messages in the message tree");
-    free(buf);
+    /* we have some undelivered messages in the queue */
     destroy_sexp(sx);
-    return EPERM;
+    r = EBUSY;
+    goto __send_repl;
   }
   pthread_rwlock_unlock(&(channel->msglock));
 
@@ -859,6 +882,11 @@ __send_repl:
   free(channel);
 
   destroy_sexp(sx);
+
+ __send_repl:
+  buf = malloc(2048);
+  snprintf(buf, 2048, "(ch-close-ret ((:id %ld) (:error %d)))", cid, r);
+
   if(__conn_write(co, buf, strlen(buf)) < 0) {
     co->flags &= ~CXCONN_ESTABL;
     co->flags |= CXCONN_BROKEN;
@@ -871,7 +899,6 @@ __send_repl:
 
 static int __default_ch_close_ret(void *cctx, sexp_t *sx)
 {
-  ;
   conn_t *co = (conn_t *)cctx;
   chnl_t *chan;
   usrtc_node_t *node;
@@ -885,7 +912,6 @@ static int __default_ch_close_ret(void *cctx, sexp_t *sx)
   lsx = sx->list->next;
   /* now we expect a list of lists */
   if(lsx->ty != SEXP_LIST) {
-    //printf("%s:%d\n", __FUNCTION__, __LINE__);
     r = ESXRCBADPROT;
     goto __mark_msg;
   }
@@ -927,8 +953,8 @@ static int __default_ch_close_ret(void *cctx, sexp_t *sx)
   /* try to find desired channel to intercept message */
   pthread_rwlock_rdlock(&(co->chnl_lock));
   node = usrtc_lookup(co->chnl_tree, (void *)&id);
-  //printf("channels (%d)\n", usrtc_count(co->chnl_tree));
   pthread_rwlock_unlock(&(co->chnl_lock));
+
   if(node) {
     chan = (chnl_t *)usrtc_node_getdata(node);
     sms = chan->sysmsg;
@@ -1535,16 +1561,22 @@ static int __eval_cstr(char *cstr, cx_rpc_list_t *rpc_list, void *ctx)
 
   if(sx->ty == SEXP_LIST)
     rpcf = sx->list->val;
-  else rpcf = sx->val;
+  else goto __enoent;
 
   /* find an appropriate function */
   node = usrtc_lookup(rpc_list->rpc_tree, rpcf);
 
-  if(!node) return ENOENT;
+  if(!node) {
+  __enoent:
+    fprintf(stderr, "Invalid S-expression catched.\n");
+    destroy_sexp(sx);
+    return ENOENT;
+  }
   else rentry = (cx_rpc_t *)usrtc_node_getdata(node);
 
   /* call it */
   r = rentry->rpcf(ctx, sx);
+  //if(r) destroy_sexp(sx);
 
   return r;
 }
@@ -1635,8 +1667,14 @@ static void *__rmsg_queue_thread(void *ctx)
       /* now we're need to have a deal with the rpc calling, other - we don't care */
       ch = msg->pch;
       sx = (sexp_t *)msg->payload;
+
+      if(!sx) {
+        r = ESXRCBADPROT;
+        goto __err_ret;
+      }
       /* get the function name */
-      if(sx->ty == SEXP_LIST) rpcf = sx->list->val;
+      if((sx->ty == SEXP_LIST) && (sx->list != NULL))
+        rpcf = sx->list->val;
       else {
         r = ESXRCBADPROT;
         goto __err_ret;
@@ -1719,6 +1757,7 @@ static void *__msg_queue_thread(void *ctx)
           } else {
             if(msg->flags & ESXMSG_ISRAPID) {
               msg->flags |= ESXMSG_CLOSURE;
+              pthread_mutex_unlock(&(msg->wait)); /* wake it up */
               snprintf(buf, 4096, "(ch-msg-rapid (:chid %lu (:msgid %lu ", ch->cid,
                        msg->mid);
             } else
@@ -1844,7 +1883,7 @@ static int __verify_certcall(int preverify_ok, X509_STORE_CTX *ctx)
   /* ok, now we're on top of SSL (depth == 0) certs chain,
    * and we can validate client certificate */
   if(!depth) {
-    co->pctx = malloc(sizeof(perm_ctx_t));
+    //co->pctx = malloc(sizeof(perm_ctx_t));
     co->pctx->certid =
       ASN1_INTEGER_get((const ASN1_INTEGER *)X509_get_serialNumber(ctx->current_cert));
     //printf("Certificate ID: %lu\n", co->pctx->certid);
@@ -2202,20 +2241,34 @@ int connection_initiate(conn_t *co, const char *host, int port,
   /* now we will create an SSL connection */
   co->ssl = SSL_new(co->ctx);
   SSL_set_fd(co->ssl, sd); /* attach connected socket */
-  BIO_set_nbio(SSL_get_rbio(co->ssl), 1);
+  //  BIO_set_nbio(SSL_get_rbio(co->ssl), 1);
+  SSL_set_connect_state(co->ssl);
   if(SSL_connect(co->ssl) == -1) {
     r = EBADE;
     free(buf);
     /* shutdown connection */
     goto __fail_3;
   } /* if success we're ready to use established SSL channel */
-  BIO_set_nbio(SSL_get_rbio(co->ssl), 1);
+  //  BIO_set_nbio(SSL_get_rbio(co->ssl), 1);
   /* auth and RPC contexts sync */
   co->pctx = pctx;
   snprintf(buf, __TMPBUFLEN, "(auth-set-context ((:user \"%s\")(:passwd \"%s\")))",
            pctx->login, pctx->passwd);
   /* send an auth request */
-  SSL_write(co->ssl, buf, strlen(buf) + sizeof(char));
+  if(__conn_write(co, buf, strlen(buf) + sizeof(char))) {
+  __finalize:
+    co->flags &= ~CXCONN_ESTABL;
+    co->flags |= CXCONN_BROKEN;
+    r = ESXNOCONNECT;
+    free(buf);
+  __retry_shut:
+    if(!SSL_shutdown(co->ssl)) {
+      usleep(100);
+      goto __retry_shut;
+    }
+    /* shutdown connection */
+    goto __fail_3;
+  }
   /* read the message reply */
 
   bytes = __conn_read(co, buf, __TMPBUFLEN);
@@ -2236,17 +2289,14 @@ int connection_initiate(conn_t *co, const char *host, int port,
 
   if(!r) { /* all is fine security context is good */
     snprintf(buf, __TMPBUFLEN, "(ch-get-types)"); /* now we should receive possible channel types */
-    SSL_write(co->ssl, buf, strlen(buf) + sizeof(char));
+    if(__conn_write(co, buf, strlen(buf) + sizeof(char))) {
+      goto __finalize;
+    }
+
     /* read the message reply */
     bytes = __conn_read(co, buf, __TMPBUFLEN);
     if(bytes == -1) {
-      /* we've lost the connection */
-      co->flags &= ~CXCONN_ESTABL;
-      co->flags |= CXCONN_BROKEN;
-      r = ESXNOCONNECT;
-      free(buf);
-      /* shutdown connection */
-      goto __fail_3;
+      goto __finalize;
     }
 
     buf[bytes] = 0;
@@ -2267,9 +2317,9 @@ int connection_initiate(conn_t *co, const char *host, int port,
       pthread_rwlock_unlock(&conn_sys->rwlock);
     }
     r = pthread_create(&co->msgthread, NULL, __msg_queue_thread, (void *)co);
-    if(r) goto __fail_3;
+    if(r) goto __finalize;
     r = pthread_create(&co->rmsgthread, NULL, __rmsg_queue_thread, (void *)co);
-    if(r) goto __fail_3;
+    if(r) goto __finalize;
 
     pth_dqtpoll_run(tpoll);
     co->tpoll = tpoll;
@@ -2381,10 +2431,19 @@ int connection_create_fapi(conn_t *co, int sck, struct in_addr *addr)
 
   /* now we will create an SSL connection */
   co->ssl = SSL_new(co->ctx);
+  co->pctx = malloc(sizeof(perm_ctx_t));
   SSL_set_fd(co->ssl, sck); /* attach connected socket */
+  /* ok now we need to initialize address */
+  if(addr) {
+    co->pctx->addr = malloc(sizeof(struct in_addr));
+    memcpy(co->pctx->addr, addr, sizeof(struct in_addr));
+  } else co->pctx->addr = NULL;
+
+  SSL_set_accept_state(co->ssl);
   /* set the context to verify ssl connection */
   SSL_set_ex_data(co->ssl, conn_sys->ex_ssldata_index, (void *)co);
-  BIO_set_nbio(SSL_get_rbio(co->ssl), 1);
+  //BIO_set_nbio(SSL_get_rbio(co->ssl), 1);
+  SSL_set_accept_state(co->ssl);
   if(SSL_accept(co->ssl) == -1) {
     r = EBADE;
     free(buf);
@@ -2392,13 +2451,8 @@ int connection_create_fapi(conn_t *co, int sck, struct in_addr *addr)
     goto __fail_3;
   } /* if success we're ready to use established SSL channel */
 
-  BIO_set_nbio(SSL_get_rbio(co->ssl), 1);
+  //BIO_set_nbio(SSL_get_rbio(co->ssl), 1);
 
-  /* ok now we need to initialize address */
-  if(addr) {
-    co->pctx->addr = malloc(sizeof(struct in_addr));
-    memcpy(co->pctx->addr, addr, sizeof(struct in_addr));
-  } else co->pctx->addr = NULL;
   /*******************************************/
   /*-=Protocol part of connection establish=-*/
   /*******************************************/
@@ -2407,13 +2461,20 @@ int connection_create_fapi(conn_t *co, int sck, struct in_addr *addr)
     if(bytes > 0) {
       buf[bytes] = 0;
       r = __eval_cstr(buf, conn_sys->system_rpc, (void *)co);
-      if(r) goto __fail_3;
+      if(r) {
+        fprintf(stderr, "Initiation func return %d\n", r);
+        free(buf);
+        SSL_shutdown(co->ssl);
+        goto __fail_3;
+      }
     } else {
       if(bytes < 0) {
         printf("Terminate SSL connection, the other end is lost.\n");
         co->flags &= ~CXCONN_ESTABL;
         co->flags |= CXCONN_BROKEN;
-
+        free(buf);
+        if(conn_sys->on_destroy) conn_sys->on_destroy(co);
+        SSL_shutdown(co->ssl);
         r = ESXNOCONNECT;
         goto __fail_3;
       }
@@ -2513,6 +2574,7 @@ static void __connection_free(conn_t *co)
   free(co->idx_ch);
   free(co->chnl_tree);
   /* kill SSL context */
+  SSL_shutdown(co->ssl);
   close(SSL_get_fd(co->ssl));
   SSL_free(co->ssl);
   SSL_CTX_free(co->ctx);

lib/libsntl.pc.in

@@ -5,7 +5,7 @@ datarootdir=@datarootdir@
 datadir=@datadir@
 includedir=@includedir@
 
-Name: liblibsntl
+Name: libsntl
 Description: Secure Network Transport Layer library implementation
 Version: @VERSION@
 Requires: 

lib/message.c

@@ -2,8 +2,8 @@
  * Secure Network Transport Layer Library implementation.
  * This is a proprietary software. See COPYING for further details.
  *
- * (c) 2013-2014 Copyright Askele, inc. <http://askele.com>
- * (c) 2013-2014 Copyright Askele Ingria, inc. <http://askele-ingria.com>
+ * (c) Askele Group 2013-2015 <http://askele.com>
+ *
  */
 
 #include <stdlib.h>
@@ -233,7 +233,7 @@ static int __msg_reply(sxmsg_t *msg, sexp_t *sx, struct timespec *tio, int opcod
   if(r) return r; /* FIXME: better give up */
   if(!sx || israpid) {
     /* wait for write */
-    pthread_mutex_lock(&(msg->wait));
+    //pthread_mutex_lock(&(msg->wait));
     return 0;
   }
 
@@ -250,8 +250,6 @@ static int __msg_reply(sxmsg_t *msg, sexp_t *sx, struct timespec *tio, int opcod
   r = msg->opcode;
 
   if(msg->flags & ESXMSG_CLOSURE) {
-    /* destroy */
-    destroy_sexp(msg->initial_sx);
     __destroy_msg(msg);
   }
 

lib/queue.c

@@ -1,9 +1,9 @@
 /*
  * This is a proprietary software. See COPYING for further details.
  *
- * (c) 2013 Copyright Askele, inc. <http://askele.com>
- * (c) 2013 Copyright Askele Ingria, inc. <http://askele-ingria.com>
- * (c) 2014 Copyright Confident, inc. (granted permission to use in commercial software)
+ *
+ *
+ * (c) Askele Group 2013-2015 <http://askele.com>
  */
 
 #include <stdlib.h>

lib/rpclist.c

@@ -2,8 +2,7 @@
  * Secure Network Transport Layer Library implementation.
  * This is a proprietary software. See COPYING for further details.
  *
- * (c) 2013-2014 Copyright Askele, inc. <http://askele.com>
- * (c) 2013-2014 Copyright Askele Ingria, inc. <http://askele-ingria.com>
+ * (c) Askele Group 2013-2015 <http://askele.com>
  */
 
 #include <stdlib.h>

lib/support.c

@@ -2,8 +2,7 @@
  * Secure Network Transport Layer Library implementation.
  * This is a proprietary software. See COPYING for further details.
  *
- * (c) 2013-2014 Copyright Askele, inc. <http://askele.com>
- * (c) 2013-2014 Copyright Askele Ingria, inc. <http://askele-ingria.com>
+ * (c) Askele Group 2013-2015 <http://askele.com>
  */
 
 #include <stdlib.h>
@@ -42,16 +41,14 @@
 
 #ifdef WIN32
 #define UUID_T_LENGTH 16
-#endif 
 
 #ifdef uuid_t
 #undef uuid_t
 #endif
 
-#ifdef WIN32
- typedef unsigned char uuid_t[16];
+typedef unsigned char uuid_t[16];
 
- void uuid_generate_random(uuid_t out){
+void uuid_generate_random(uuid_t out){
   int i,a=0;
   LARGE_INTEGER frequency,t1;
   long int d;
@@ -73,7 +70,6 @@
 char *__generate_uuid(void)
 {
 #ifdef WIN32
-  
   char *uuidc = NULL;
   uuid_t uuid_t_m;
   int len, i = 0,r=0;
@@ -89,7 +85,6 @@ char *__generate_uuid(void)
   return uuidc;
 
 #else
-
   char *uuidc = NULL;
   uuid_t uuid;
   int len, i = 0;