authorClaudio Jeker <claudio@cvs.openbsd.org>2017-11-28 01:24:23 +0000
committerClaudio Jeker <claudio@cvs.openbsd.org>2017-11-28 01:24:23 +0000
commitfc5a609b64da285f85641aad16540a1bb1202edf (patch)
tree15185a8a1ab381dbb896e6a4fa26a763ec112023 /usr.sbin
parent5a7120b472b4102f2fc7268fdd7aaf56dc02c3fe (diff)
In TLS inspection mode we also need to keep the server tls object around.
For this we need to add an additional pointer to the ctl_relay_event. Diff from Petri Mikkila (pmikkila at gmail) OK benno@
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/relayd/relay.c9
-rw-r--r--usr.sbin/relayd/relayd.h3
2 files changed, 7 insertions, 5 deletions
diff --git a/usr.sbin/relayd/relay.c b/usr.sbin/relayd/relay.c
index 5eae48dd53b..6d5bc65a79b 100644
--- a/usr.sbin/relayd/relay.c
+++ b/usr.sbin/relayd/relay.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: relay.c,v 1.234 2017/11/28 00:17:56 claudio Exp $ */
+/* $OpenBSD: relay.c,v 1.235 2017/11/28 01:24:22 claudio Exp $ */
/*
* Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -1705,6 +1705,7 @@ relay_close(struct rsession *con, const char *msg)
if (con->se_in.tls != NULL)
tls_close(con->se_in.tls);
tls_free(con->se_in.tls);
+ tls_free(con->se_in.tls_ctx);
tls_config_free(con->se_in.tls_cfg);
free(con->se_in.tlscert);
if (con->se_in.s != -1) {
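Review bot: The new `tls_free(con->se_in.tls_ctx);` runs for every session, including ones that never entered TLS inspection, so it is only safe if `tls_ctx` is NULL whenever relay_tls_inspect_create() has not set it. That depends on the session's ctl_relay_event being zero-initialised where it is allocated, which is not visible here and is worth confirming. The same applies to `tls_free(con->se_out.tls_ctx);` in the following hunk. A short comment such as `/* server context kept for TLS inspection; NULL otherwise */` above each call would record the assumption. relay_close() begins and ends outside the hunk.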
@@ -1727,6 +1728,7 @@ relay_close(struct rsession *con, const char *msg)
if (con->se_out.tls != NULL)
tls_close(con->se_out.tls);
tls_free(con->se_out.tls);
+ tls_free(con->se_out.tls_ctx);
tls_config_free(con->se_out.tls_cfg);
free(con->se_out.tlscert);
if (con->se_out.s != -1) {
@@ -2177,7 +2179,7 @@ static struct tls *
relay_tls_inspect_create(struct relay *rlay, struct ctl_relay_event *cre)
{
struct tls_config *tls_cfg;
- struct tls *tls;
+ struct tls *tls = NULL;
const char *fake_key;
int fake_keylen;
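Review bot: Initialising `tls` to NULL makes it safe to release on a shared failure path, but the `err:` label visible in the next hunk of this function still only calls `tls_config_free(tls_cfg);`. If any failure after the context has been created jumps to `err` without freeing it first, the context leaks. With the initialiser in place, `tls_free(tls);` could sit under `err:` and replace any per-branch free. The body between these declarations and the label lies outside the hunks, so this needs checking against the full function.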
@@ -2220,6 +2222,7 @@ relay_tls_inspect_create(struct relay *rlay, struct ctl_relay_event *cre)
}
cre->tls_cfg = tls_cfg;
+ cre->tls_ctx = tls;
return (tls);
err:
tls_config_free(tls_cfg);
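Review bot: After `cre->tls_ctx = tls;` the same context is reachable through both the return value and the event, and nothing on these lines says which one owns it. The lines removed from relay_tls_transaction() suggest the caller used to free it, so a comment such as `/* cre owns the server context until relay_close() */` on the assignment would help prevent a later double free. Both `cre->tls_cfg` and `cre->tls_ctx` are also overwritten without releasing a previous value, which would leak if this function can run more than once for the same event; that cannot be determined from the hunk. The function continues past the last line shown.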
@@ -2248,8 +2251,6 @@ relay_tls_transaction(struct rsession *con, struct ctl_relay_event *cre)
errstr = "could not accept the TLS connection";
goto err;
}
- if (cre->tlscert != NULL)
- tls_free(tls_server);
flag = EV_READ;
} else {
cre->tls = tls_client();
diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h
index 6a35208aec1..b5b278714d8 100644
--- a/usr.sbin/relayd/relayd.h
+++ b/usr.sbin/relayd/relayd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.h,v 1.245 2017/11/27 23:21:16 claudio Exp $ */
+/* $OpenBSD: relayd.h,v 1.246 2017/11/28 01:24:22 claudio Exp $ */
/*
* Copyright (c) 2006 - 2016 Reyk Floeter <reyk@openbsd.org>
@@ -206,6 +206,7 @@ struct ctl_relay_event {
struct tls *tls;
struct tls_config *tls_cfg;
+ struct tls *tls_ctx;
uint8_t *tlscert;
size_t tlscert_len;
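Review bot: The new member `tls_ctx` sits next to `tls` with the same type and no comment, so the header does not tell a reader which pointer is the live connection and which is the server context kept for inspection. I would document it on the declaration, for example `struct tls *tls_ctx; /* TLS inspection server context, freed in relay_close() */`. That also records that the field must start out NULL for events that never use inspection. The struct definition continues outside the hunk.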