summaryrefslogtreecommitdiffstats
path: root/src/plugins/tlsopenssl
diff options
context:
space:
mode:
authorFlorin Coras <fcoras@cisco.com>2019-08-08 17:38:26 -0700
committerDave Barach <openvpp@barachs.net>2019-08-09 11:49:49 +0000
commitd09236d17d86a5d50166b2017f8f30a560c6e1b8 (patch)
tree68d5a288f64ae59d38c1d8758299da891df5891c /src/plugins/tlsopenssl
parentf03c49413f270386d46a82dd9a3bce819cf81250 (diff)
tls: mark as no lookup transport
Type:fix Also fix transport close while handshake is ongoing. Change-Id: I004c56d2297d0847c2cb77202f8fba3edaacad29 Signed-off-by: Florin Coras <fcoras@cisco.com>
Diffstat (limited to 'src/plugins/tlsopenssl')
-rw-r--r--src/plugins/tlsopenssl/tls_openssl.c38
1 files changed, 24 insertions, 14 deletions
diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c
index ee6b0e3172e..8d0fd36a04f 100644
--- a/src/plugins/tlsopenssl/tls_openssl.c
+++ b/src/plugins/tlsopenssl/tls_openssl.c
@@ -205,6 +205,28 @@ vpp_ssl_async_retry_func (tls_ctx_t * ctx, openssl_resume_handler * handler)
#endif
+static void
+openssl_handle_handshake_failure (tls_ctx_t * ctx)
+{
+ if (SSL_is_server (((openssl_ctx_t *) ctx)->ssl))
+ {
+ /*
+ * Cleanup pre-allocated app session and close transport
+ */
+ session_free (session_get (ctx->c_s_index, ctx->c_thread_index));
+ ctx->no_app_session = 1;
+ ctx->c_s_index = SESSION_INVALID_INDEX;
+ tls_disconnect_transport (ctx);
+ }
+ else
+ {
+ /*
+ * Also handles cleanup of the pre-allocated session
+ */
+ tls_notify_app_connected (ctx, /* is failed */ 1);
+ }
+}
+
int
openssl_ctx_handshake_rx (tls_ctx_t * ctx, session_t * tls_session)
{
@@ -240,19 +262,7 @@ openssl_ctx_handshake_rx (tls_ctx_t * ctx, session_t * tls_session)
ERR_error_string (ERR_get_error (), buf);
clib_warning ("Err: %s", buf);
- /*
- * Cleanup pre-allocated app session and close transport
- */
- if (SSL_is_server (oc->ssl))
- {
- session_free (session_get (ctx->c_s_index,
- ctx->c_thread_index));
- ctx->no_app_session = 1;
- ctx->c_s_index = SESSION_INVALID_INDEX;
- tls_disconnect_transport (ctx);
- }
- else
- tls_notify_app_connected (ctx, /* is failed */ 1);
+ openssl_handle_handshake_failure (ctx);
return -1;
}
@@ -758,7 +768,7 @@ openssl_transport_close (tls_ctx_t * ctx)
{
if (!openssl_handshake_is_over (ctx))
{
- session_close (session_get_from_handle (ctx->tls_session_handle));
+ openssl_handle_handshake_failure (ctx);
return 0;
}
session_transport_closing_notify (&ctx->connection);