make client socket non blocking to avoid evil client from causing

trouble in a SSL handshake. while at it, make event masking a bit
more strict to avoid possible bugs

smtpd/ioev.c

@@ -676,11 +676,11 @@ io_start_tls(struct io *io, void *ssl)
 	if (mode == IO_WRITE) {
 		io->state = IO_STATE_CONNECT_SSL;
 		SSL_set_connect_state(io->ssl);
-		io_reset(io, EV_READ | EV_WRITE, io_dispatch_connect_ssl);
+		io_reset(io, EV_WRITE, io_dispatch_connect_ssl);
 	} else {
 		io->state = IO_STATE_ACCEPT_SSL;
 		SSL_set_accept_state(io->ssl);
-		io_reset(io, EV_READ | EV_WRITE, io_dispatch_accept_ssl);
+		io_reset(io, EV_READ, io_dispatch_accept_ssl);
 	}
 
 	return (0);
@@ -854,14 +854,16 @@ io_dispatch_write_ssl(int fd, short event, void *humppa)
 void
 io_reload_ssl(struct io *io)
 {
-	short	ev = EV_READ|EV_WRITE;
+	short	ev = 0;
 	void	(*dispatch)(int, short, void*) = NULL;
 
 	switch (io->state) {
 	case IO_STATE_CONNECT_SSL:
+		ev = EV_WRITE;
 		dispatch = io_dispatch_connect_ssl;
 		break;
 	case IO_STATE_ACCEPT_SSL:
+		ev = EV_READ;
 		dispatch = io_dispatch_accept_ssl;
 		break;
 	case IO_STATE_UP:

smtpd/smtp.c

@@ -428,6 +428,7 @@ smtp_accept(int fd, short event, void *p)
 		close(sock);
 		return;
 	}
+	io_set_blocking(sock, 0);
 
 	sessions++;
 	stat_increment("smtp.session", 1);