Return an error if tls_handshake() is called on a TLS context that has

already completed a TLS handshake.
author: jsing <> 2017-05-07 01:59:34 +0000
committer: jsing <> 2017-05-07 01:59:34 +0000
commit: 29048f09f31c8ae2fd81a3d7888fea2d0539ec62 (patch)
tree: 2ee9572051194c167e5201c198bd87308abae2df
parent: 5f8f9e28b0e1a4c703500552e678a4335bca5039 (diff)
download: openbsd-29048f09f31c8ae2fd81a3d7888fea2d0539ec62.tar.gz
openbsd-29048f09f31c8ae2fd81a3d7888fea2d0539ec62.tar.bz2
openbsd-29048f09f31c8ae2fd81a3d7888fea2d0539ec62.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index b639873df4..7906788b08 100644
--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.62 2017/05/06 20:59:28 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.63 2017/05/07 01:59:34 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -627,6 +627,11 @@ tls_handshake(struct tls *ctx)
                goto out;
        }
+        if ((ctx->state & TLS_HANDSHAKE_COMPLETE) != 0) {
+                tls_set_errorx(ctx, "handshake already completed");
+                goto out;
+        }
        if ((ctx->flags & TLS_CLIENT) != 0)
                rv = tls_handshake_client(ctx);
        else if ((ctx->flags & TLS_SERVER_CONN) != 0)
author	jsing <>	2017-05-07 01:59:34 +0000
committer	jsing <>	2017-05-07 01:59:34 +0000
commit	29048f09f31c8ae2fd81a3d7888fea2d0539ec62 (patch)
tree	2ee9572051194c167e5201c198bd87308abae2df
parent	5f8f9e28b0e1a4c703500552e678a4335bca5039 (diff)
download	openbsd-29048f09f31c8ae2fd81a3d7888fea2d0539ec62.tar.gz openbsd-29048f09f31c8ae2fd81a3d7888fea2d0539ec62.tar.bz2 openbsd-29048f09f31c8ae2fd81a3d7888fea2d0539ec62.zip