author | Joel Sing <jsing@cvs.openbsd.org> | 2017-01-26 12:56:38 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2017-01-26 12:56:38 +0000 |
commit | e173df0131cb7072da934d265d564d849b23fc85 (patch) | |
tree | ab465c1dcc3311db63dd3fad5ec67fececb884e3 /lib/libtls/tls_server.c | |
parent | f3bf891242277210ee9189f7d8282399aae8271e (diff) |
Use a flag to track when we need to call SSL_shutdown(). This avoids an
issue where calling tls_close() on a TLS context that has not attempted
a handshake results in an unexpected failure.
Reported by Vinay Sajip.
ok beck@
Diffstat (limited to 'lib/libtls/tls_server.c')
-rw-r--r-- | lib/libtls/tls_server.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/libtls/tls_server.c b/lib/libtls/tls_server.c index 5bf87552cb6..1a1a48a1699 100644 --- a/lib/libtls/tls_server.c +++ b/lib/libtls/tls_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_server.c,v 1.33 2017/01/24 01:48:05 claudio Exp $ */ +/* $OpenBSD: tls_server.c,v 1.34 2017/01/26 12:56:37 jsing Exp $ */ /* * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> * @@ -457,6 +457,8 @@ tls_handshake_server(struct tls *ctx) goto err; } + ctx->state |= TLS_SSL_NEEDS_SHUTDOWN; + ERR_clear_error(); if ((ssl_ret = SSL_accept(ctx->ssl_conn)) != 1) { rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "handshake"); |
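Review bot: In the tls_handshake_server() hunk, `ctx->state |= TLS_SSL_NEEDS_SHUTDOWN;` is set before SSL_accept() is called, so the flag remains set when SSL_accept() returns something other than 1 and the code takes the tls_ssl_error() path. That fits the commit message's "attempted a handshake" wording, but a one-line comment above the assignment stating that the flag marks an attempted handshake, not a completed one, would make the intent explicit for later readers. The diffstat here is limited to tls_server.c, so the definition of TLS_SSL_NEEDS_SHUTDOWN, the check in tls_close() and any matching assignment on the client handshake path are not visible; please confirm they are part of the same commit and that the flag is cleared wherever the context state is reset, so a reused context does not call SSL_shutdown() without a new handshake attempt.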