Move connection info into it's own private structure allocated and filled in

at handshake time. change accessors to return const char * to remove need
for caller to free memory.
ok jsing@

1 files changed, 13 insertions, 4 deletions

diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index 65103f106d..277970c932 100644
--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.26 2015/09/12 19:54:31 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.27 2015/09/12 21:00:38 beck Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -323,6 +323,10 @@ tls_reset(struct tls *ctx)
         free(ctx->errmsg);
         ctx->errmsg = NULL;
         ctx->errnum = 0;
+
+        tls_free_conninfo(ctx->conninfo);
+        free(ctx->conninfo);
+        ctx->conninfo = NULL;
 }
 
 int
@@ -376,14 +380,19 @@ tls_handshake(struct tls *ctx)
 {
         int rv = -1;
 
+        if ((ctx->conninfo = calloc(1, sizeof(*ctx->conninfo))) == NULL)
+                goto out;
+
         if ((ctx->flags & TLS_CLIENT) != 0)
                 rv = tls_handshake_client(ctx);
         else if ((ctx->flags & TLS_SERVER_CONN) != 0)
                 rv = tls_handshake_server(ctx);
 
-        if (rv == 0)
-                ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn);
-
+        if (rv == 0 &&
+            (ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn)) &&
+            (tls_get_conninfo(ctx) == -1))
+                rv = -1;
+out:
         /* Prevent callers from performing incorrect error handling */
         errno = 0;
         return (rv);