Diffstat (limited to 'lib')
-rw-r--r--lib/libtls/tls.c15
1 files changed, 13 insertions, 2 deletions
diff --git a/lib/libtls/tls.c b/lib/libtls/tls.c
index 3012ea62a63..cb2833cb54c 100644
--- a/lib/libtls/tls.c
+++ b/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.29 2015/09/13 15:39:15 beck Exp $ */
+/* $OpenBSD: tls.c,v 1.30 2015/09/14 12:20:40 jsing Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
@@ -380,6 +380,11 @@ tls_handshake(struct tls *ctx)
{
int rv = -1;
+ if ((ctx->flags & (TLS_CLIENT | TLS_SERVER_CONN)) == 0) {
+ tls_set_errorx(ctx, "invalid operation for context");
+ goto out;
+ }
+
if (ctx->conninfo == NULL &&
(ctx->conninfo = calloc(1, sizeof(*ctx->conninfo))) == NULL)
goto out;
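Review bot: The calloc() failure branch directly below the new guard in tls_handshake still returns -1 without recording an error, whereas the guard itself calls tls_set_errorx(). Because the `out:` label shown in the next hunk resets errno to 0, a caller that hits this branch gets neither ENOMEM nor a fresh message. It would presumably read whatever error text an earlier call left on the context. I would brace that branch and add `tls_set_errorx(ctx, "out of memory");` before its `goto out;`. tls_handshake's body continues past the end of this hunk.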
@@ -393,7 +398,7 @@ tls_handshake(struct tls *ctx)
(ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn)) &&
(tls_get_conninfo(ctx) == -1))
rv = -1;
-out:
+ out:
/* Prevent callers from performing incorrect error handling */
errno = 0;
return (rv);
@@ -463,6 +468,12 @@ tls_close(struct tls *ctx)
int ssl_ret;
int rv = 0;
+ if ((ctx->flags & (TLS_CLIENT | TLS_SERVER_CONN)) == 0) {
+ tls_set_errorx(ctx, "invalid operation for context");
+ rv = -1;
+ goto out;
+ }
+
if (ctx->ssl_conn != NULL) {
ERR_clear_error();
ssl_ret = SSL_shutdown(ctx->ssl_conn);