author | Claudio Jeker <claudio@cvs.openbsd.org> | 2017-11-28 01:24:23 +0000 |
---|---|---|
committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2017-11-28 01:24:23 +0000 |
commit | fc5a609b64da285f85641aad16540a1bb1202edf (patch) | |
tree | 15185a8a1ab381dbb896e6a4fa26a763ec112023 /usr.sbin | |
parent | 5a7120b472b4102f2fc7268fdd7aaf56dc02c3fe (diff) |
In TLS inspection mode we also need to keep the server tls object around.
For this we need to add an additional pointer to the ctl_relay_event.
Diff from Petri Mikkila (pmikkila at gmail)
OK benno@
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/relayd/relay.c | 9 | ||||
-rw-r--r-- | usr.sbin/relayd/relayd.h | 3 |
2 files changed, 7 insertions, 5 deletions
diff --git a/usr.sbin/relayd/relay.c b/usr.sbin/relayd/relay.c
index 5eae48dd53b..6d5bc65a79b 100644
--- a/usr.sbin/relayd/relay.c
+++ b/usr.sbin/relayd/relay.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: relay.c,v 1.234 2017/11/28 00:17:56 claudio Exp $ */
+/* $OpenBSD: relay.c,v 1.235 2017/11/28 01:24:22 claudio Exp $ */
 /*
 * Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -1705,6 +1705,7 @@ relay_close(struct rsession *con, const char *msg)
 if (con->se_in.tls != NULL)
 tls_close(con->se_in.tls);
 tls_free(con->se_in.tls);
+ tls_free(con->se_in.tls_ctx);
 tls_config_free(con->se_in.tls_cfg);
 free(con->se_in.tlscert);
 if (con->se_in.s != -1) {
@@ -1727,6 +1728,7 @@ relay_close(struct rsession *con, const char *msg)
 if (con->se_out.tls != NULL)
 tls_close(con->se_out.tls);
 tls_free(con->se_out.tls);
+ tls_free(con->se_out.tls_ctx);
 tls_config_free(con->se_out.tls_cfg);
 free(con->se_out.tlscert);
 if (con->se_out.s != -1) {
@@ -2177,7 +2179,7 @@ static struct tls *
 relay_tls_inspect_create(struct relay *rlay, struct ctl_relay_event *cre)
 {
 struct tls_config *tls_cfg;
- struct tls *tls;
+ struct tls *tls = NULL;
 const char *fake_key;
 int fake_keylen;
@@ -2220,6 +2222,7 @@ relay_tls_inspect_create(struct relay *rlay, struct ctl_relay_event *cre)
 }
 cre->tls_cfg = tls_cfg;
+ cre->tls_ctx = tls;
 return (tls);
 err:
 tls_config_free(tls_cfg);
@@ -2248,8 +2251,6 @@ relay_tls_transaction(struct rsession *con, struct ctl_relay_event *cre)
 errstr = "could not accept the TLS connection";
 goto err;
 }
- if (cre->tlscert != NULL)
- tls_free(tls_server);
 flag = EV_READ;
 } else {
 cre->tls = tls_client();
diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h
index 6a35208aec1..b5b278714d8 100644
--- a/usr.sbin/relayd/relayd.h
+++ b/usr.sbin/relayd/relayd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.h,v 1.245 2017/11/27 23:21:16 claudio Exp $ */
+/* $OpenBSD: relayd.h,v 1.246 2017/11/28 01:24:22 claudio Exp $ */
 /*
 * Copyright (c) 2006 - 2016 Reyk Floeter <reyk@openbsd.org>
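Review bot: The order of the two frees in relay_close() is undocumented: the new `tls_free(con->se_in.tls_ctx);` (and the matching `se_out` line in the following hunk) runs right after `tls_free(con->se_in.tls);`, and nothing says whether that order matters. Going by the commit message, the inspection-mode server object has to stay alive while the accepted connection exists, so a later reordering of these lines could presumably bring back a use of freed memory. I would add a comment above each new line, e.g. `/* TLS inspection: server context, release only after the connection context */`. relay_close() starts and ends outside both hunks, so whether `con` is touched again after these frees cannot be checked from here.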
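Review bot: relay_tls_inspect_create() now hands out the same pointer twice, since `cre->tls_ctx = tls;` stores it in the event and `return (tls);` gives it to the caller, with no comment saying who owns it. Because relay_close() frees `tls_ctx`, any caller that still calls tls_free() on the return value would free it twice; the relay_tls_transaction() hunk removes the one such call visible in this diff. A comment at the assignment would pin the contract, e.g. `/* cre owns the server context; freed in relay_close(), callers must not tls_free() the return value */`. The assignment also overwrites an earlier `cre->tls_ctx` without releasing it, so if this function can run more than once for one event (not visible here) the first context leaks. The function body begins and ends outside the hunk.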
@@ -206,6 +206,7 @@ struct ctl_relay_event {
 struct tls *tls;
 struct tls_config *tls_cfg;
+ struct tls *tls_ctx;
 uint8_t *tlscert;
 size_t tlscert_len; |
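Review bot: The new member `struct tls *tls_ctx;` has the same type as the neighbouring `struct tls *tls;` and carries no comment, so the per-connection object and the server object kept for TLS inspection are easy to confuse. I would document it at the declaration, e.g. `struct tls *tls_ctx; /* TLS inspection: server context, freed in relay_close() */`. relay_close() passes the member to tls_free() unconditionally, which assumes it starts out NULL for every event. The allocation and initialisation of this struct are not visible in the diff, so that is worth confirming.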