| author | jsing <> | 2015-04-02 13:19:15 +0000 |
|---|---|---|
| committer | jsing <> | 2015-04-02 13:19:15 +0000 |
| commit | f2f92a2f5098f67338df0882b17ec3f65d4364d0 (patch) | |
| tree | d0086594500ece17ecc850e62e7bf342bb51b3e1 /src | |
| parent | eb612cbe415759f36d06b1f632d581cf43bc4473 (diff) | |
Handle the case where multiple calls to SSL_shutdown() are required to
close the connection. Also correctly handle the error on failure.
Diff from cookieandscream via github.
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libtls/tls.c | 15 | ||||
| -rw-r--r-- | src/lib/libtls/tls_init.3 | 7 |
2 files changed, 14 insertions, 8 deletions
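diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index b7b6570ff9..d942c35fec 100644
--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.8 2015/03/31 12:21:27 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.9 2015/04/02 13:19:15 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -326,12 +326,15 @@ tls_write(struct tls *ctx, const void *buf, size_t buflen, size_t *outlen)
 int
 tls_close(struct tls *ctx)
 {
-	/* XXX - handle case where multiple calls are required. */
+	int ssl_ret;
+
 	if (ctx->ssl_conn != NULL) {
-		if (SSL_shutdown(ctx->ssl_conn) == -1) {
-			tls_set_error(ctx, "SSL shutdown failed");
-			goto err;
-		}
+		ssl_ret = SSL_shutdown(ctx->ssl_conn);
+		if (ssl_ret == 0)
+			ssl_ret = SSL_shutdown(ctx->ssl_conn);
+		if (ssl_ret < 0)
+			return tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret,
+			    "shutdown");
 	}
 
 	if (ctx->socket != -1) {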
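Review bot: The second SSL_shutdown() at new line 334 is the call that waits for the peer's close_notify, so on a blocking socket tls_close() can stall until the peer answers or the connection drops, and nothing in the hunk bounds that wait; a client that simply goes quiet pins a server thread here, which is a practical concern for anything closing many peer connections without a receive timeout. On a non-blocking socket the negative return presumably maps, via tls_ssl_error(), to the TLS_READ_AGAIN/TLS_WRITE_AGAIN codes the accompanying man page change documents, which is fine, but the blocking case deserves a comment for callers: `/* Second call waits for the peer's close_notify; on a blocking socket this may stall until the peer closes or the connection drops. */`. Note also that a 0 from the second call (no close_notify seen, presumably the case when the peer just closes its socket) is treated as success and the close proceeds, which is acceptable for a close but worth stating in the same comment so nobody later mistakes it for a missed error path. tls_close() continues past the hunk, so the socket close and any remaining error label are not visible here.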
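diff --git a/src/lib/libtls/tls_init.3 b/src/lib/libtls/tls_init.3
index 8df1d204ff..1ec8865075 100644
--- a/src/lib/libtls/tls_init.3
+++ b/src/lib/libtls/tls_init.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tls_init.3,v 1.21 2015/04/02 05:54:22 jsing Exp $
+.\" $OpenBSD: tls_init.3,v 1.22 2015/04/02 13:19:15 jsing Exp $
 .\"
 .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
 .\"
@@ -407,6 +407,7 @@ will return 0 on success and -1 on error.
 Functions that return a pointer will return NULL on error.
 .Pp
 The
+.Fn tls_close ,
 .Fn tls_read
 and
 .Fn tls_write
@@ -424,8 +425,10 @@ A write operation is necessary to continue.
 .El
 .Pp
 The caller should call the appropriate function, or in the case of the
+.Fn tls_close
+and the
 .Fn tls_accept
-or
+and
 .Fn tls_connect
 function families, repeat the call.
 .Sh ERRORS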
