authorFlorin Coras <fcoras@cisco.com>2019-08-08 17:38:26 -0700
committerFlorin Coras <florin.coras@gmail.com>2019-08-09 19:19:31 +0000
commit28d86217bfee01f02b3d21751add572e6bdcc040 (patch)
treeffd02d62c22587b9abbdc1276c255a6b8e3490c8
parenta932a34a22991277123163c819cada87553dc478 (diff)
tls: mark as no lookup transport
Type:fix

Also fix transport close while handshake is ongoing.

Change-Id: I004c56d2297d0847c2cb77202f8fba3edaacad29
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit d09236d17d86a5d50166b2017f8f30a560c6e1b8)
-rw-r--r--src/plugins/tlsopenssl/tls_openssl.c38
-rw-r--r--src/vnet/session/session.c2
-rw-r--r--src/vnet/tls/tls.c2
3 files changed, 27 insertions, 15 deletions
diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c
index ee6b0e3172e..8d0fd36a04f 100644
--- a/src/plugins/tlsopenssl/tls_openssl.c
+++ b/src/plugins/tlsopenssl/tls_openssl.c
@@ -205,6 +205,28 @@ vpp_ssl_async_retry_func (tls_ctx_t * ctx, openssl_resume_handler * handler)
#endif
+static void
+openssl_handle_handshake_failure (tls_ctx_t * ctx)
+{
+ if (SSL_is_server (((openssl_ctx_t *) ctx)->ssl))
+ {
+ /*
+ * Cleanup pre-allocated app session and close transport
+ */
+ session_free (session_get (ctx->c_s_index, ctx->c_thread_index));
+ ctx->no_app_session = 1;
+ ctx->c_s_index = SESSION_INVALID_INDEX;
+ tls_disconnect_transport (ctx);
+ }
+ else
+ {
+ /*
+ * Also handles cleanup of the pre-allocated session
+ */
+ tls_notify_app_connected (ctx, /* is failed */ 1);
+ }
+}
+
int
openssl_ctx_handshake_rx (tls_ctx_t * ctx, session_t * tls_session)
{
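Review bot: The server branch of `openssl_handle_handshake_failure` passes `ctx->c_s_index` straight to `session_get` and `session_free`, yet the same branch leaves that field at `SESSION_INVALID_INDEX`, so a second call on the same context would look up an invalid pool index. The helper now has two callers, the handshake error path in `openssl_ctx_handshake_rx` and the early-close path in `openssl_transport_close`. If a peer fails the handshake and the transport then closes before the context is torn down, both could run; whether that ordering is reachable depends on code outside this diff. Making the helper idempotent removes the question, for example with `if (ctx->c_s_index == SESSION_INVALID_INDEX) return;` as the first statement of the server branch. A one-line header comment stating that the helper may be entered from both the rx and the close path would also help.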
@@ -240,19 +262,7 @@ openssl_ctx_handshake_rx (tls_ctx_t * ctx, session_t * tls_session)
ERR_error_string (ERR_get_error (), buf);
clib_warning ("Err: %s", buf);
- /*
- * Cleanup pre-allocated app session and close transport
- */
- if (SSL_is_server (oc->ssl))
- {
- session_free (session_get (ctx->c_s_index,
- ctx->c_thread_index));
- ctx->no_app_session = 1;
- ctx->c_s_index = SESSION_INVALID_INDEX;
- tls_disconnect_transport (ctx);
- }
- else
- tls_notify_app_connected (ctx, /* is failed */ 1);
+ openssl_handle_handshake_failure (ctx);
return -1;
}
@@ -758,7 +768,7 @@ openssl_transport_close (tls_ctx_t * ctx)
{
if (!openssl_handshake_is_over (ctx))
{
- session_close (session_get_from_handle (ctx->tls_session_handle));
+ openssl_handle_handshake_failure (ctx);
return 0;
}
session_transport_closing_notify (&ctx->connection);
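Review bot: On the client side, this early-close branch no longer closes the transport session in any line visible here. The removed `session_close (session_get_from_handle (ctx->tls_session_handle));` ran for both roles, while the helper's else branch only calls `tls_notify_app_connected (ctx, /* is failed */ 1)`. If that function does not itself disconnect the transport on failure, the underlying session stays allocated until something else tears it down, which is worth confirming against `tls.c`. A comment above the call such as `/* Transport closed mid-handshake: handle as handshake failure */` would record why a close is routed through the failure helper. `openssl_transport_close` continues past the end of the hunk.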
diff --git a/src/vnet/session/session.c b/src/vnet/session/session.c
index 33f1e26fd6d..7b53a47023a 100644
--- a/src/vnet/session/session.c
+++ b/src/vnet/session/session.c
@@ -235,7 +235,7 @@ session_delete (session_t * s)
/* Delete from the main lookup table. */
if ((rv = session_lookup_del_session (s)))
- clib_warning ("hash delete error, rv %d", rv);
+ clib_warning ("session %u hash delete rv %d", s->session_index, rv);
session_free_w_fifos (s);
}
diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c
index 1358f9cb345..4fff72f1cda 100644
--- a/src/vnet/tls/tls.c
+++ b/src/vnet/tls/tls.c
@@ -411,6 +411,7 @@ tls_session_accept_callback (session_t * tls_session)
tls_session->opaque = ctx_handle;
ctx->tls_session_handle = session_handle (tls_session);
ctx->listener_ctx_index = tls_listener->opaque;
+ ctx->c_flags |= TRANSPORT_CONNECTION_F_NO_LOOKUP;
/* Preallocate app session. Avoids allocating a session post handshake
* on tls_session rx and potentially invalidating the session pool */
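Review bot: The added `ctx->c_flags |= TRANSPORT_CONNECTION_F_NO_LOOKUP;` has no comment explaining why TLS contexts opt out of the session lookup table, and the identical line is repeated in `tls_session_connected_callback` in the next hunk. Going by the commit title, the intent is that TLS connections are never inserted into or deleted from the lookup table. A short comment at both sites would record that, e.g. `/* TLS connections are not in the session lookup table */`. With the flag set by hand in two callbacks, any other path that creates a context would miss it; setting it once where the context is allocated would avoid that, if such a common point exists outside this diff. `tls_session_accept_callback` starts and ends outside the hunk.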
@@ -469,6 +470,7 @@ tls_session_connected_callback (u32 tls_app_index, u32 ho_ctx_index,
ctx->c_thread_index = vlib_get_thread_index ();
ctx->tls_ctx_handle = ctx_handle;
+ ctx->c_flags |= TRANSPORT_CONNECTION_F_NO_LOOKUP;
TLS_DBG (1, "TCP connect for %u returned %u. New connection [%u]%x",
ho_ctx_index, is_fail, vlib_get_thread_index (),