diff options
| author | jsing <> | 2016-07-06 02:32:57 +0000 |
|---|---|---|
| committer | jsing <> | 2016-07-06 02:32:57 +0000 |
| commit | c6b61bddec1634e2d244575d39a9e88063218f88 (patch) | |
| tree | 58ad4ef350441b984af96d039974bf43b34e9db8 /src/lib | |
| parent | 30afec6fc9cf9685fdb410bf0fc90f10a1154872 (diff) | |
| download | openbsd-c6b61bddec1634e2d244575d39a9e88063218f88.tar.gz openbsd-c6b61bddec1634e2d244575d39a9e88063218f88.tar.bz2 openbsd-c6b61bddec1634e2d244575d39a9e88063218f88.zip | |
Correctly handle an EOF that occurs prior to the TLS handshake completing.
Reported by Vasily Kolobkov, based on a diff from Marko Kreen.
ok beck@
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libtls/tls.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c index 76d00e53f3..783d320a9d 100644 --- a/src/lib/libtls/tls.c +++ b/src/lib/libtls/tls.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls.c,v 1.38 2016/05/27 14:38:40 jsing Exp $ */ | 1 | /* $OpenBSD: tls.c,v 1.39 2016/07/06 02:32:57 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -418,8 +418,11 @@ tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret, const char *prefix) | |||
| 418 | if ((err = ERR_peek_error()) != 0) { | 418 | if ((err = ERR_peek_error()) != 0) { |
| 419 | errstr = ERR_error_string(err, NULL); | 419 | errstr = ERR_error_string(err, NULL); |
| 420 | } else if (ssl_ret == 0) { | 420 | } else if (ssl_ret == 0) { |
| 421 | ctx->state |= TLS_EOF_NO_CLOSE_NOTIFY; | 421 | if ((ctx->state & TLS_HANDSHAKE_COMPLETE) != 0) { |
| 422 | return (0); | 422 | ctx->state |= TLS_EOF_NO_CLOSE_NOTIFY; |
| 423 | return (0); | ||
| 424 | } | ||
| 425 | errstr = "unexpected EOF"; | ||
| 423 | } else if (ssl_ret == -1) { | 426 | } else if (ssl_ret == -1) { |
| 424 | errstr = strerror(errno); | 427 | errstr = strerror(errno); |
| 425 | } | 428 | } |