summaryrefslogtreecommitdiff
path: root/lib/libtls/tls.c
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2016-07-06 02:32:58 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2016-07-06 02:32:58 +0000
commit41332fa193bcaa9a3c19307973579b3aff0e1fe9 (patch)
treed4f744108dd9eca9ab17ecd6a99d49c6138ce4f7 /lib/libtls/tls.c
parent385e58001c6436205b8775261f8eb915f33f2a1e (diff)
Correctly handle an EOF that occurs prior to the TLS handshake completing.
Reported by Vasily Kolobkov, based on a diff from Marko Kreen. ok beck@
Diffstat (limited to 'lib/libtls/tls.c')
-rw-r--r--lib/libtls/tls.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/lib/libtls/tls.c b/lib/libtls/tls.c
index 76d00e53f36..783d320a9d4 100644
--- a/lib/libtls/tls.c
+++ b/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.38 2016/05/27 14:38:40 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.39 2016/07/06 02:32:57 jsing Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
@@ -418,8 +418,11 @@ tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret, const char *prefix)
if ((err = ERR_peek_error()) != 0) {
errstr = ERR_error_string(err, NULL);
} else if (ssl_ret == 0) {
- ctx->state |= TLS_EOF_NO_CLOSE_NOTIFY;
- return (0);
+ if ((ctx->state & TLS_HANDSHAKE_COMPLETE) != 0) {
+ ctx->state |= TLS_EOF_NO_CLOSE_NOTIFY;
+ return (0);
+ }
+ errstr = "unexpected EOF";
} else if (ssl_ret == -1) {
errstr = strerror(errno);
}