From 597a9dc18b943498a3f42065e756e1b0a648987c Mon Sep 17 00:00:00 2001
From: beck <>
Date: Sat, 12 Sep 2015 21:00:38 +0000
Subject: Move connection info into it's own private structure allocated and filled in at handshake time. change accessors to return const char * to remove need for caller to free memory. ok jsing@
---
 src/lib/libtls/tls.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
(limited to 'src/lib/libtls/tls.c')
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index 65103f106d..277970c932 100644
--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.26 2015/09/12 19:54:31 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.27 2015/09/12 21:00:38 beck Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing
 *
@@ -323,6 +323,10 @@ tls_reset(struct tls *ctx)
 free(ctx->errmsg);
 ctx->errmsg = NULL;
 ctx->errnum = 0;
+
+ tls_free_conninfo(ctx->conninfo);
+ free(ctx->conninfo);
+ ctx->conninfo = NULL;
 }
 
 int
@@ -376,14 +380,19 @@ tls_handshake(struct tls *ctx)
 {
 int rv = -1;
 
+ if ((ctx->conninfo = calloc(1, sizeof(*ctx->conninfo))) == NULL)
+ goto out;
+
 if ((ctx->flags & TLS_CLIENT) != 0)
 rv = tls_handshake_client(ctx);
 else if ((ctx->flags & TLS_SERVER_CONN) != 0)
 rv = tls_handshake_server(ctx);
 
- if (rv == 0)
- ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn);
-
+ if (rv == 0 &&
+ (ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn)) &&
+ (tls_get_conninfo(ctx) == -1))
+ rv = -1;
+out:
 /* Prevent callers from performing incorrect error handling */
 errno = 0;
 return (rv);
-- 
cgit v1.2.3-55-g6feb
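Review bot: In the tls_reset hunk, `tls_free_conninfo(ctx->conninfo)` is called unconditionally, and `ctx->conninfo` is presumably still NULL when a context is reset before any handshake has run. That helper is defined outside this patch, so confirm it accepts NULL or guard the call with `if (ctx->conninfo != NULL)`. Going by the commit description, the accessors now hand out `const char *` values that the caller no longer frees, which suggests the strings live in this structure and dangle once these lines run. A comment above the block such as `/* Strings returned by the conninfo accessors are invalid after this point. */` would record that lifetime rule for callers. The body of tls_reset begins outside the hunk.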
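Review bot: The unconditional `ctx->conninfo = calloc(1, sizeof(*ctx->conninfo))` at the top of tls_handshake overwrites whatever pointer is already stored, so if the function can be entered more than once on the same context (for example a retried non-blocking handshake, which this hunk does not show) each earlier allocation is leaked, and on a server that growth would be driven by the peer. Allocating only when the pointer is empty, `if (ctx->conninfo == NULL &&` followed by `(ctx->conninfo = calloc(1, sizeof(*ctx->conninfo))) == NULL)`, or moving the allocation into the `rv == 0` path, avoids that. The allocation-failure path also jumps to `out:`, where `errno = 0` discards ENOMEM, and no message is recorded on the context within the visible lines, so the caller receives -1 with nothing to report. The assignment to `ctx->ssl_peer_cert` inside the `&&` chain would be easier to audit as a separate statement before the `tls_get_conninfo(ctx)` check. The function's closing brace is outside the hunk.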