1 files changed, 13 insertions, 4 deletions
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index 65103f106d..277970c932 100644
--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.26 2015/09/12 19:54:31 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.27 2015/09/12 21:00:38 beck Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -323,6 +323,10 @@ tls_reset(struct tls *ctx)
        free(ctx->errmsg);
        ctx->errmsg = NULL;
        ctx->errnum = 0;
+        tls_free_conninfo(ctx->conninfo);
+        free(ctx->conninfo);
+        ctx->conninfo = NULL;
 }
 int
@@ -376,14 +380,19 @@ tls_handshake(struct tls *ctx)
 {
        int rv = -1;
+        if ((ctx->conninfo = calloc(1, sizeof(*ctx->conninfo))) == NULL)
+                goto out;
        if ((ctx->flags & TLS_CLIENT) != 0)
                rv = tls_handshake_client(ctx);
        else if ((ctx->flags & TLS_SERVER_CONN) != 0)
                rv = tls_handshake_server(ctx);
-        if (rv == 0)
+        if (rv == 0 &&
-                ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn);
+            (ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn)) &&
+            (tls_get_conninfo(ctx) == -1))
+                rv = -1;
+out:
        /* Prevent callers from performing incorrect error handling */
        errno = 0;
        return (rv);

diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c index 65103f106d..277970c932 100644 --- a/src/lib/libtls/tls.c +++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls.c,v 1.26 2015/09/12 19:54:31 jsing Exp $ */	1	/* $OpenBSD: tls.c,v 1.27 2015/09/12 21:00:38 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -323,6 +323,10 @@ tls_reset(struct tls *ctx)
323	free(ctx->errmsg);	323	free(ctx->errmsg);
324	ctx->errmsg = NULL;	324	ctx->errmsg = NULL;
325	ctx->errnum = 0;	325	ctx->errnum = 0;
		326
		327	tls_free_conninfo(ctx->conninfo);
		328	free(ctx->conninfo);
		329	ctx->conninfo = NULL;
326	}	330	}
327		331
328	int	332	int
@@ -376,14 +380,19 @@ tls_handshake(struct tls *ctx)
376	{	380	{
377	int rv = -1;	381	int rv = -1;
378		382
		383	if ((ctx->conninfo = calloc(1, sizeof(*ctx->conninfo))) == NULL)
		384	goto out;
		385
379	if ((ctx->flags & TLS_CLIENT) != 0)	386	if ((ctx->flags & TLS_CLIENT) != 0)
380	rv = tls_handshake_client(ctx);	387	rv = tls_handshake_client(ctx);
381	else if ((ctx->flags & TLS_SERVER_CONN) != 0)	388	else if ((ctx->flags & TLS_SERVER_CONN) != 0)
382	rv = tls_handshake_server(ctx);	389	rv = tls_handshake_server(ctx);
383		390
384	if (rv == 0)	391	if (rv == 0 &&
385	ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn);	392	(ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn)) &&
386		393	(tls_get_conninfo(ctx) == -1))
		394	rv = -1;
		395	out:
387	/* Prevent callers from performing incorrect error handling */	396	/* Prevent callers from performing incorrect error handling */
388	errno = 0;	397	errno = 0;
389	return (rv);	398	return (rv);