authorjsing <>2015-03-31 12:21:27 +0000
committerjsing <>2015-03-31 12:21:27 +0000
commitb5828f12ff689b9c1b62264b27b32dcbd97de33f (patch)
treed79f85860400a651427592168da3935f38b4ff73 /src/lib
parent9f9909654ade9ba11a37c45f75c146ac91419bca (diff)
Store errors that occur during a tls_accept_socket() call on the context
for the server, rather than on the context for the connection. This makes more sense than the current behaviour does. Issue reported by Tim van der Molen.
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libtls/tls.c10
-rw-r--r--src/lib/libtls/tls_client.c4
-rw-r--r--src/lib/libtls/tls_internal.h5
-rw-r--r--src/lib/libtls/tls_server.c4
4 files changed, 12 insertions, 11 deletions
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index 9fc81b5a64..b7b6570ff9 100644
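--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.7 2015/02/07 09:50:09 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.8 2015/03/31 12:21:27 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -237,13 +237,13 @@ tls_reset(struct tls *ctx)
 }
 
 int
-tls_ssl_error(struct tls *ctx, int ssl_ret, const char *prefix)
+tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret, const char *prefix)
 {
  const char *errstr = "unknown error";
  unsigned long err;
  int ssl_err;
 
- ssl_err = SSL_get_error(ctx->ssl_conn, ssl_ret);
+ ssl_err = SSL_get_error(ssl_conn, ssl_ret);
  switch (ssl_err) {
  case SSL_ERROR_NONE:
  return (0);
@@ -301,7 +301,7 @@ tls_read(struct tls *ctx, void *buf, size_t buflen, size_t *outlen)
  return (0);
  }
 
- return tls_ssl_error(ctx, ssl_ret, "read");
+ return tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "read");
 }
 
 int
@@ -320,7 +320,7 @@ tls_write(struct tls *ctx, const void *buf, size_t buflen, size_t *outlen)
  return (0);
  }
 
- return tls_ssl_error(ctx, ssl_ret, "write");
+ return tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "write");
 }
 
 int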
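Review bot: tls_ssl_error() has no comment stating that ctx (where the error text is stored) and ssl_conn (the handle passed to SSL_get_error()) may now belong to different contexts, nor that ssl_conn must be non-NULL. A short comment above the definition would make that contract explicit, for example `/* Record on ctx the error for ssl_ret as returned by a call on ssl_conn; ssl_conn need not be ctx->ssl_conn. */`. The read and write call sites pass ctx->ssl_conn straight through; whether it is checked for NULL before those calls is not visible in these hunks. The body of tls_ssl_error() continues past the end of its hunk.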
diff --git a/src/lib/libtls/tls_client.c b/src/lib/libtls/tls_client.c
index 2414034651..7c4ca9f306 100644
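--- a/src/lib/libtls/tls_client.c
+++ b/src/lib/libtls/tls_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_client.c,v 1.16 2015/03/21 15:35:15 sthen Exp $ */
+/* $OpenBSD: tls_client.c,v 1.17 2015/03/31 12:21:27 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -246,7 +246,7 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
 
  connecting:
  if ((ret = SSL_connect(ctx->ssl_conn)) != 1) {
- err = tls_ssl_error(ctx, ret, "connect");
+ err = tls_ssl_error(ctx, ctx->ssl_conn, ret, "connect");
  if (err == TLS_READ_AGAIN || err == TLS_WRITE_AGAIN) {
  ctx->flags |= TLS_CONNECTING;
  return (err);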
diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h
index d1ba48ea1a..ba37e136e6 100644
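--- a/src/lib/libtls/tls_internal.h
+++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.11 2015/02/22 14:50:41 jsing Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.12 2015/03/31 12:21:27 jsing Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -77,6 +77,7 @@ int tls_host_port(const char *hostport, char **host, char **port);
 int tls_set_error(struct tls *ctx, char *fmt, ...)
  __attribute__((__format__ (printf, 2, 3)))
  __attribute__((__nonnull__ (2)));
-int tls_ssl_error(struct tls *ctx, int ssl_ret, const char *prefix);
+int tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret,
+ const char *prefix);
 
 #endif /* HEADER_TLS_INTERNAL_H */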
diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c
index 8f34ecdded..cbe064e2f5 100644
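--- a/src/lib/libtls/tls_server.c
+++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.5 2015/02/07 09:50:09 jsing Exp $ */
+/* $OpenBSD: tls_server.c,v 1.6 2015/03/31 12:21:27 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -131,7 +131,7 @@ tls_accept_socket(struct tls *ctx, struct tls **cctx, int socket)
  }
 
  if ((ret = SSL_accept(conn_ctx->ssl_conn)) != 1) {
- err = tls_ssl_error(conn_ctx, ret, "accept");
+ err = tls_ssl_error(ctx, conn_ctx->ssl_conn, ret, "accept");
  if (err == TLS_READ_AGAIN || err == TLS_WRITE_AGAIN) {
  return (err);
  }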
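Review bot: The accept error is now recorded on the listening context, which is presumably shared by every connection accepted from it, so the text stored by `tls_ssl_error(ctx, conn_ctx->ssl_conn, ret, "accept")` can be replaced by the next failed handshake before the caller reads it, and a log line may then attribute a failure to the wrong peer. If accepts can run on more than one thread against the same ctx, that store is also unsynchronised shared state; whether tls_set_error() guards against this is not visible here. A comment at the call would make the new behaviour discoverable, for example `/* Errors are reported on the server ctx; read them before the next accept on ctx. */`. The failure path for conn_ctx lies outside the hunk, so whether it is freed or handed back through cctx cannot be checked from this view.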