From 9385a1fd21f3850678c58b5cc8702c3a54b91ead Mon Sep 17 00:00:00 2001 From: jsing <> Date: Thu, 27 Aug 2015 14:34:46 +0000 Subject: Split the persistent/configuration flags from temporary state flags and ensure that the temporary state flags get cleared in tls_reset(). Fixes a bug spotted by Marko Kreen whereby TLS_CONNECTING could remain on reset. While here, also move the TLS_STATE_CONNECTING check to after the TLS_CLIENT check - if TLS_STATE_CONNECTING was ever set on any other context type it would allow a bypass. ok bluhm@ --- src/lib/libtls/tls.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/lib/libtls/tls.c') diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c index 4536bae183..c79191ee15 100644 --- a/src/lib/libtls/tls.c +++ b/src/lib/libtls/tls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls.c,v 1.13 2015/08/22 14:20:53 jsing Exp $ */ +/* $OpenBSD: tls.c,v 1.14 2015/08/27 14:34:46 jsing Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -233,6 +233,7 @@ tls_reset(struct tls *ctx) ctx->ssl_ctx = NULL; ctx->socket = -1; + ctx->state = 0; ctx->err = 0; free(ctx->errmsg); -- cgit v1.2.3-55-g6feb
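Review bot: In the tls_reset() hunk, the added `ctx->state = 0;` carries no comment saying that `state` holds only the temporary per-connection flags and that the persistent configuration flags are deliberately left alone on reset. A one-line comment above the assignment would make that split explicit at the one place that enforces it, so a temporary flag later added to the wrong field does not survive a reset the way TLS_CONNECTING did. The commit message also describes splitting the flags and moving the TLS_STATE_CONNECTING check after the TLS_CLIENT check, but neither appears in the tls.c hunks shown here (the view is limited to this file), so those parts need review where they land. A regression test that resets a context after a connect attempt and confirms a fresh connect is accepted would pin the fix down.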