author Joel Sing <jsing@cvs.openbsd.org> 2015-08-27 14:34:47 +0000
committer Joel Sing <jsing@cvs.openbsd.org> 2015-08-27 14:34:47 +0000
commit 28d6ab8e0351c97588124f27b60b93a49e566776 (patch)
tree cde9d4c239121d727973f0892ab812f78aec1665 /lib/libtls/tls.c
parent f911c3215645135805e091751dc423e33963bb24 (diff)
Split the persistent/configuration flags from temporary state flags and
ensure that the temporary state flags get cleared in tls_reset(). Fixes a
bug spotted by Marko Kreen whereby TLS_CONNECTING could remain on reset.

While here, also move the TLS_STATE_CONNECTING check to after the
TLS_CLIENT check - if TLS_STATE_CONNECTING was ever set on any other
context type it would allow a bypass.

ok bluhm@
Diffstat (limited to 'lib/libtls/tls.c')
-rw-r--r-- lib/libtls/tls.c 3
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/libtls/tls.c b/lib/libtls/tls.c
index 4536bae1837..c79191ee157 100644
--- a/lib/libtls/tls.c
+++ b/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.13 2015/08/22 14:20:53 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.14 2015/08/27 14:34:46 jsing Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
@@ -233,6 +233,7 @@ tls_reset(struct tls *ctx)
ctx->ssl_ctx = NULL;
ctx->socket = -1;
+ ctx->state = 0;
ctx->err = 0;
free(ctx->errmsg);
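
Review bot: The added `ctx->state = 0;` in tls_reset() has no comment saying that state holds only the temporary flags and that the persistent/configuration flags are intentionally left untouched by reset. A one-line comment above the assignment would make that split explicit, so a later change does not move a connection-state bit back into a field that tls_reset() never clears. The commit message also describes moving the TLS_STATE_CONNECTING check to after the TLS_CLIENT check, but that change is not in this file's diff (the diffstat is limited to lib/libtls/tls.c), so it has to be reviewed in the other files of the commit. A regression test that resets a context left in the connecting state and then reuses it would pin down the reported bug.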