From b5828f12ff689b9c1b62264b27b32dcbd97de33f Mon Sep 17 00:00:00 2001 From: jsing <> Date: Tue, 31 Mar 2015 12:21:27 +0000 Subject: Store errors that occur during a tls_accept_socket() call on the context for the server, rather than on the context for the connection. This makes more sense than the current behaviour does. Issue reported by Tim van der Molen. --- src/lib/libtls/tls.c | 10 +++++----- src/lib/libtls/tls_client.c | 4 ++-- src/lib/libtls/tls_internal.h | 5 +++-- src/lib/libtls/tls_server.c | 4 ++-- 4 files changed, 12 insertions(+), 11 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c index 9fc81b5a64..b7b6570ff9 100644 --- a/src/lib/libtls/tls.c +++ b/src/lib/libtls/tls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls.c,v 1.7 2015/02/07 09:50:09 jsing Exp $ */ +/* $OpenBSD: tls.c,v 1.8 2015/03/31 12:21:27 jsing Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -237,13 +237,13 @@ tls_reset(struct tls *ctx) } int -tls_ssl_error(struct tls *ctx, int ssl_ret, const char *prefix) +tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret, const char *prefix) { const char *errstr = "unknown error"; unsigned long err; int ssl_err; - ssl_err = SSL_get_error(ctx->ssl_conn, ssl_ret); + ssl_err = SSL_get_error(ssl_conn, ssl_ret); switch (ssl_err) { case SSL_ERROR_NONE: return (0); @@ -301,7 +301,7 @@ tls_read(struct tls *ctx, void *buf, size_t buflen, size_t *outlen) return (0); } - return tls_ssl_error(ctx, ssl_ret, "read"); + return tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "read"); } int @@ -320,7 +320,7 @@ tls_write(struct tls *ctx, const void *buf, size_t buflen, size_t *outlen) return (0); } - return tls_ssl_error(ctx, ssl_ret, "write"); + return tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "write"); } int diff --git a/src/lib/libtls/tls_client.c b/src/lib/libtls/tls_client.c index 2414034651..7c4ca9f306 100644 --- a/src/lib/libtls/tls_client.c +++ b/src/lib/libtls/tls_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_client.c,v 1.16 2015/03/21 15:35:15 sthen Exp $ */ +/* $OpenBSD: tls_client.c,v 1.17 2015/03/31 12:21:27 jsing Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -246,7 +246,7 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write, connecting: if ((ret = SSL_connect(ctx->ssl_conn)) != 1) { - err = tls_ssl_error(ctx, ret, "connect"); + err = tls_ssl_error(ctx, ctx->ssl_conn, ret, "connect"); if (err == TLS_READ_AGAIN || err == TLS_WRITE_AGAIN) { ctx->flags |= TLS_CONNECTING; return (err); diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h index d1ba48ea1a..ba37e136e6 100644 --- a/src/lib/libtls/tls_internal.h +++ b/src/lib/libtls/tls_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_internal.h,v 1.11 2015/02/22 14:50:41 jsing Exp $ */ +/* $OpenBSD: tls_internal.h,v 1.12 2015/03/31 12:21:27 jsing Exp $ */ /* * Copyright (c) 2014 Jeremie Courreges-Anglas * Copyright (c) 2014 Joel Sing @@ -77,6 +77,7 @@ int tls_host_port(const char *hostport, char **host, char **port); int tls_set_error(struct tls *ctx, char *fmt, ...) __attribute__((__format__ (printf, 2, 3))) __attribute__((__nonnull__ (2))); -int tls_ssl_error(struct tls *ctx, int ssl_ret, const char *prefix); +int tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret, + const char *prefix); #endif /* HEADER_TLS_INTERNAL_H */ diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c index 8f34ecdded..cbe064e2f5 100644 --- a/src/lib/libtls/tls_server.c +++ b/src/lib/libtls/tls_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_server.c,v 1.5 2015/02/07 09:50:09 jsing Exp $ */ +/* $OpenBSD: tls_server.c,v 1.6 2015/03/31 12:21:27 jsing Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -131,7 +131,7 @@ tls_accept_socket(struct tls *ctx, struct tls **cctx, int socket) } if ((ret = SSL_accept(conn_ctx->ssl_conn)) != 1) { - err = tls_ssl_error(conn_ctx, ret, "accept"); + err = tls_ssl_error(ctx, conn_ctx->ssl_conn, ret, "accept"); if (err == TLS_READ_AGAIN || err == TLS_WRITE_AGAIN) { return (err); } -- cgit v1.2.3-55-g6feb