summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libtls/tls.c15
-rw-r--r--src/lib/libtls/tls_internal.h5
2 files changed, 14 insertions, 6 deletions
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index cb2833cb54..236ed9185b 100644
--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls.c,v 1.30 2015/09/14 12:20:40 jsing Exp $ */ 1/* $OpenBSD: tls.c,v 1.31 2015/09/14 12:29:16 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -352,7 +352,8 @@ tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret, const char *prefix)
352 if ((err = ERR_peek_error()) != 0) { 352 if ((err = ERR_peek_error()) != 0) {
353 errstr = ERR_error_string(err, NULL); 353 errstr = ERR_error_string(err, NULL);
354 } else if (ssl_ret == 0) { 354 } else if (ssl_ret == 0) {
355 errstr = "EOF"; 355 ctx->state |= TLS_EOF_NO_CLOSE_NOTIFY;
356 return (0);
356 } else if (ssl_ret == -1) { 357 } else if (ssl_ret == -1) {
357 errstr = strerror(errno); 358 errstr = strerror(errno);
358 } 359 }
@@ -421,7 +422,7 @@ tls_read(struct tls *ctx, void *buf, size_t buflen)
421 } 422 }
422 423
423 ERR_clear_error(); 424 ERR_clear_error();
424 if ((ssl_ret = SSL_read(ctx->ssl_conn, buf, buflen)) >= 0) { 425 if ((ssl_ret = SSL_read(ctx->ssl_conn, buf, buflen)) > 0) {
425 rv = (ssize_t)ssl_ret; 426 rv = (ssize_t)ssl_ret;
426 goto out; 427 goto out;
427 } 428 }
@@ -450,7 +451,7 @@ tls_write(struct tls *ctx, const void *buf, size_t buflen)
450 } 451 }
451 452
452 ERR_clear_error(); 453 ERR_clear_error();
453 if ((ssl_ret = SSL_write(ctx->ssl_conn, buf, buflen)) >= 0) { 454 if ((ssl_ret = SSL_write(ctx->ssl_conn, buf, buflen)) > 0) {
454 rv = (ssize_t)ssl_ret; 455 rv = (ssize_t)ssl_ret;
455 goto out; 456 goto out;
456 } 457 }
@@ -501,6 +502,12 @@ tls_close(struct tls *ctx)
501 } 502 }
502 ctx->socket = -1; 503 ctx->socket = -1;
503 } 504 }
505
506 if ((ctx->state & TLS_EOF_NO_CLOSE_NOTIFY) != 0) {
507 tls_set_errorx(ctx, "EOF without close notify");
508 rv = -1;
509 }
510
504 out: 511 out:
505 /* Prevent callers from performing incorrect error handling */ 512 /* Prevent callers from performing incorrect error handling */
506 errno = 0; 513 errno = 0;
diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h
index d7878a75e3..320f1fbfaa 100644
--- a/src/lib/libtls/tls_internal.h
+++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls_internal.h,v 1.22 2015/09/13 10:32:46 beck Exp $ */ 1/* $OpenBSD: tls_internal.h,v 1.23 2015/09/14 12:29:16 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org> 3 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
4 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> 4 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -62,7 +62,8 @@ struct tls_conninfo {
62#define TLS_SERVER (1 << 1) 62#define TLS_SERVER (1 << 1)
63#define TLS_SERVER_CONN (1 << 2) 63#define TLS_SERVER_CONN (1 << 2)
64 64
65#define TLS_HANDSHAKE_COMPLETE (1 << 0) 65#define TLS_EOF_NO_CLOSE_NOTIFY (1 << 0)
66#define TLS_HANDSHAKE_COMPLETE (1 << 1)
66 67
67struct tls { 68struct tls {
68 struct tls_config *config; 69 struct tls_config *config;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-07 19:12:30 +0000